default-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and follows instructions from an external local file.
      • Ingestion points: SKILL.md instructs the agent to read ~/.amplihack/.claude/workflow/DEFAULT_WORKFLOW.md immediately upon activation.
      • Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present to isolate the workflow content.
      • Capability inventory: The skill allows the external workflow file to dictate the invocation of multiple specialized agents (e.g., architect, security, builder), granting it significant control over the agent's logical flow.
      • Sanitization: There is no evidence of sanitization or validation of the content read from the workflow file before it is used to direct agent behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 03:25 PM