workflow-state-manager
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: CRITICAL PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements legitimate state management and session recovery features for an autonomous workflow system. All file operations are restricted to the local project directory ('.specify/'), and no sensitive data exposure or exfiltration patterns were detected.
- [PROMPT_INJECTION]: The skill exhibits a potential surface for Indirect Prompt Injection (Category 8) by processing external project requirements to initialize and resume state.
  - Ingestion points: The 'requirementsFile' parameter in 'initializeWorkflowState' and 'resumeWorkflow' functions.
  - Boundary markers: None present; the skill treats file content as trusted configuration.
  - Capability inventory: Local file system access (read/write/append) and execution of workflow phases.
  - Sanitization: No explicit sanitization or validation of the input file content is performed.
  - Risk: This is considered a low-severity surface inherent to the skill's purpose as a project management tool.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE