workflows-compound
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were identified. The skill follows a two-phase orchestration pattern where subagents return text data to an orchestrator, preventing unauthorized file system writes during the research phase.
- [COMMAND_EXECUTION]: The skill utilizes
mkdir -pto organize documentation within thedocs/solutions/path. This is a legitimate use of command execution for the skill's intended purpose of file organization. - [PROMPT_INJECTION]: While the skill ingests untrusted data from conversation history, it does so to generate static documentation content. There are no patterns suggesting the skill is vulnerable to instructions embedded in that data that could compromise the agent's behavior.
Audit Metadata