asc-workflow
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill's primary purpose is to execute shell commands specified in a
.asc/workflow.jsonfile. - Evidence: The documentation describes the
runstep executing commands viabash -o pipefail -c. - Risk: This allows for arbitrary command execution on the host machine based on repository content.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection by processing untrusted data from repository files into shell execution strings.
- Ingestion points:
.asc/workflow.jsonand CLI parameters. - Boundary markers: Absent; no delimiters or warnings are used to separate instructions from untrusted data.
- Capability inventory: Full shell command execution via subprocess calls.
- Sanitization: Absent; the skill relies on standard shell variable expansion without input validation or escaping.
Audit Metadata