default-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a 'thin wrapper' architectural pattern where core execution instructions are dynamically loaded from a local file at ~/.amplihack/.claude/workflow/DEFAULT_WORKFLOW.md. This constitutes an indirect prompt injection surface as the agent's behavior is governed by data ingested from the local file system.
      • Ingestion points: ~/.amplihack/.claude/workflow/DEFAULT_WORKFLOW.md (read via the Read tool).
      • Boundary markers: Absent; the skill explicitly directs the agent to 'Follow all steps exactly' as specified in the external file.
      • Capability inventory: The workflow involves file system modifications, GitHub PR and issue management, versioning, and code implementation.
      • Sanitization: Absent. However, as this file is part of the vendor-owned application configuration directory, the risk is consistent with standard application functionality.
  • [SAFE]: No evidence of hardcoded credentials, data exfiltration, or unauthorized network operations was detected. The skill's file access is limited to its own configuration directory.
  • [NO_CODE]: This skill consists entirely of instructional markdown and does not contain any executable scripts or binary files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 30, 2026, 05:33 AM