ai-automation-workflows

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The data_processing.sh template exhibits an indirect prompt injection surface. It reads files from a local directory using cat and interpolates the raw content directly into a prompt for an LLM without using boundary markers or sanitization.
  • Ingestion points: Reads all .txt files in ./data/raw within data_processing.sh.
  • Boundary markers: None identified; file content is appended directly to the prompt string.
  • Capability inventory: The skill utilizes subprocess execution, file system writes (mkdir, output redirection), and network requests (curl).
  • Sanitization: No escaping or validation is performed on the ingested file content.
  • [COMMAND_EXECUTION]: The documentation provides explicit instructions for modifying the system's crontab. While consistent with the skill's purpose of automation, this establishes persistence by ensuring scripts run automatically at defined intervals.
  • [DATA_EXFILTRATION]: The monitored_workflow.sh example demonstrates a pattern for sending internal execution results and error logs to an external webhook via curl. This pattern could be adapted for silent data exfiltration.
  • [EXTERNAL_DOWNLOADS]: The skill references external resources for tool installation and expansion, including CLI installation via GitHub and adding additional skills via npx. These are identified as vendor-provided resources.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 07:30 PM