ai-automation-workflows
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The `data_processing.sh` template demonstrates a pattern for processing local files that is vulnerable to indirect prompt injection.
  - Ingestion points: The script reads raw text files from the `./data/raw` directory using the `cat` command.
  - Boundary markers: Absent; the file content is interpolated directly into the AI prompt string without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The interpolated prompt is passed to the `infsh app run` command, which executes AI models capable of performing various actions based on instructions.
  - Sanitization: No evidence of validation or sanitization of the input file content was found.
- [EXTERNAL_DOWNLOADS]: The skill documentation includes commands for installing additional tools and workflows from the `inference-sh` repository using `npx skills add`. These represent vendor-managed resources provided by the author.
- [COMMAND_EXECUTION]: The skill provides numerous Bash and Python script examples that execute the `infsh` CLI and other standard utilities (e.g., `curl`, `mkdir`, `date`) to orchestrate multi-step AI pipelines and monitoring tasks.
Audit Metadata