sh2-run
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill performs standard task management by reading internal configuration files and orchestrating other internal skills.
- [PROMPT_INJECTION]: The skill exhibits an indirect injection surface by using local file-based data to drive logic, which is a standard and necessary feature for its orchestration purpose.
- Ingestion points: Reads task metadata and priority from .wf/schedule.json and state.json.
- Boundary markers: None identified; the data is used to populate internal skill arguments.
- Capability inventory: Triggers execution of internal workflow skills /wf1-kickoff and /wf0-nextstep.
- Sanitization: Not applicable as the data source is an internal configuration file for the workflow system.
Audit Metadata