Skills
skills/ruvnet/claude-flow/agent-workflow/Gen Agent Trust Hub

agent-workflow

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE] (SAFE): Analysis of the skill instructions and provided Javascript snippets reveals no malicious intent. The skill uses standard Model Context Protocol (MCP) patterns to interface with a workflow management system.
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted input data via the input_data parameter in workflow_execute. While this presents an ingestion point for indirect prompt injection, it is a standard functional requirement for workflow automation.
  • Ingestion points: input_data parameter in mcp__flow-nexus__workflow_execute (SKILL.md).
  • Boundary markers: Not explicitly defined in the provided snippets.
  • Capability inventory: workflow_create, workflow_execute (SKILL.md).
  • Sanitization: No explicit sanitization or validation logic is defined within the prompt instructions, relying on the underlying tool implementation.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:10 PM