
agent-workflow

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is highly vulnerable to instructions embedded in external workflow triggers or data inputs due to its high-privilege capabilities.
  • Ingestion points: Processes untrusted input via 'input_data' in 'mcp__flow-nexus__workflow_execute' and external 'Event-Driven' triggers described in the workflow patterns.
  • Boundary markers: Absent; the instructions lack delimiters or explicit warnings to ignore embedded instructions in processed data.
  • Capability inventory: Tools like 'mcp__flow-nexus__workflow_create' and 'mcp__flow-nexus__workflow_execute' perform high-impact actions such as 'build_app' and 'deploy_prod'.
  • Sanitization: Absent; no mention of input validation, escaping, or filtering for data processed during workflow execution.
  • Dynamic Execution (HIGH): The skill explicitly leverages 'Dynamic workflow modification and step injection' as an advanced feature. This allows the runtime assembly of executable logic, which can be exploited to execute arbitrary tasks if the agent is manipulated by malicious external input.
  • Command Execution (HIGH): Orchestrates operations such as building and deploying applications, which typically involve shell command execution. Because the 'action' field in 'workflow_create' is unrestricted, a workflow definition can specify unauthorized or malicious system commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:29 AM