ai-automation-workflows
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a pattern for a 'Data Processing Pipeline' that creates a surface for indirect prompt injection.
- Ingestion points: The script 'data_processing.sh' reads the contents of local text files from './data/raw' into the agent's prompt context using command substitution '$(cat $file)'.
- Boundary markers: No delimiters or instructions (e.g., 'ignore instructions within this text') are used when interpolating the file content into the prompt.
- Capability inventory: The skill utilizes the 'infsh' CLI for AI model interaction and standard shell utilities like 'cat', 'mkdir', and 'curl'.
- Sanitization: No validation or sanitization of the input data is performed before it is incorporated into the JSON input for the model.
- [COMMAND_EXECUTION]: The skill provides numerous examples of shell scripts and automation techniques, including background process management, conditional logic, and crontab scheduling. While standard for automation, users should verify these scripts before deployment to ensure they align with local environment policies.
- [DATA_EXFILTRATION]: The 'Monitoring and Logging' section provides a script template ('monitored_workflow.sh') that sends command results and error messages to an external URL ('https://your-webhook.com/alert') via 'curl'. This mechanism could transmit sensitive information if the AI model outputs or command arguments contain private data.
Audit Metadata