ASCN operator
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill documents a contract-first architecture for workflow operations, ensuring deterministic behavior and auditable execution through machine-readable contracts and standard error taxonomies.
- [EXTERNAL_DOWNLOADS]: Configures connectivity to the vendor's official MCP gateway at https://dev-nocode.ascn.ai/mcp. This resource is consistent with the infrastructure provided by the author (ascnai) and is documented neutrally.
- [PROMPT_INJECTION]: The skill provides an interface for processing and mutating structured workflow data, presenting a potential surface for indirect prompt injection.
- Ingestion points: The skill ingests untrusted data from the workspace registry and workflow runs through tools such as
control.workflows.describeandcontrol.runs.details. - Boundary markers: The operator mandates the use of explicit
={{ ... }}wrappers for all dynamic expressions and secrets to strictly separate instruction logic from data. - Capability inventory: The skill allows the agent to create, modify, and activate workflows which may contain executable logic (e.g.,
JS.Run) on the target platform. - Sanitization: A strict pre-mutation validation policy is enforced, requiring the use of
control.workflows.validateto verify graph reachability and schema compliance before any changes are applied.
Audit Metadata