workflow-automation
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses 'npx claude-flow', which fetches the 'claude-flow' package from the npm registry at runtime. This package is not part of the trusted vendors list or a verified source.
- [COMMAND_EXECUTION]: Shell commands are executed via npx to perform workflow management tasks such as creation, execution, and export.
- [PROMPT_INJECTION]: The skill processes workflow definitions that assign tasks to various agent types (e.g., researcher, coder, tester). This is a vulnerability surface for indirect prompt injection.
  - Ingestion points: YAML workflow files and command-line arguments specifying task descriptions.
  - Boundary markers: No markers or instructions are provided to the agents to distinguish between system instructions and untrusted content within the workflow steps.
  - Capability inventory: The skill can orchestrate multiple agents and execute automated steps, including code implementation and deployment flows.
  - Sanitization: There is no validation or sanitization of the 'task' strings or YAML structures before they are processed by the underlying agents.
Audit Metadata