bpmn-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses a surface for indirect prompt injection because it ingests and processes external data which could contain malicious instructions.
  - Ingestion points: Reads existing Gherkin scenarios from `docs/bpmn/features/**/*.feature` via the `read-feature` tool.
  - Boundary markers: Absent. The instructions do not specify delimiters or prompts to ignore embedded instructions within the feature files.
  - Capability inventory: The skill uses MCP tools (`generate-bpmn`, `link-gherkin`, `compose-system`) to create and update files in the `docs/bpmn/` directory.
  - Sanitization: Absent. There is no explicit validation or escaping of the Gherkin content before it is processed by the BPMN generation tools.
Audit Metadata