workflow-execute
Autonomous workflow execution pipeline with CSV wave engine. Session discovery → plan validation → IMPL-*.json → CSV conversion → wave execution via spawn_agents_on_csv → results sync. Task JSONs remain the rich data source; CSV is brief + execution state.
46
36%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./.codex/skills/workflow-execute/SKILL.mdSecurity
1 critical severity finding. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
E006: Malicious code pattern detected in skill scripts
What this means
Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.
Why it was flagged
Malicious code pattern detected (high risk: 0.90). The skill orchestrates remote/AI agents (spawn_agents_on_csv, ccw CLI) with broad instructions to read arbitrary repo files, execute task-specified verification commands and pre_analysis steps, and then directly writes/commits files based on agent outputs without strong sanitization — creating clear vectors for data exfiltration, remote code execution, file-system traversal/modification, and supply-chain abuse.
- Repository
- catlog22/Claude-Code-Workflow
- Commit
0f8e801
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.