wf0-nextstep
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to invoke other commands (e.g., /wf7-pr, /wf5-implement) automatically using the Skill tool. It bypasses user confirmation to streamline the workflow process.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes the 'next' field from 'state.json' to determine its next action.
  1. Ingestion points: state.json file (specifically the 'next' and 'work-id' fields).
  2. Boundary markers: None present to distinguish data from instructions.
  3. Capability inventory: Ability to execute any skill defined in the system via string concatenation (/<next_phase>).
  4. Sanitization: The skill does not describe any validation or escaping of the values retrieved from the state file before using them in command strings.