secure-workflow-guide
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted codebase data, creating a potential surface for indirect prompt injection.
  - Ingestion points: Codebase files are read and explored to understand the project structure (SKILL.md).
  - Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are provided when processing external file content.
  - Capability inventory: The skill invokes shell commands for security tools including slither, echidna, and manticore (WORKFLOW_STEPS.md).
  - Sanitization: No sanitization or filtering of external code content is mentioned before the agent processes it.
- [Command Execution] (SAFE): The skill instructs the agent to run a set of pre-defined, static security analysis commands on the local directory.
  - Evidence: Static commands like 'slither . --exclude-dependencies' and 'slither-check-erc .' are used to perform the audit (WORKFLOW_STEPS.md).
Audit Metadata