temporal-python
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides instructional content and code examples for the temporalio library, which is a standard and reputable SDK for distributed orchestration.
- [COMMAND_EXECUTION]: The skill includes documentation for installing the SDK via the standard Python package manager (pip install temporalio).
- [SAFE]: Code examples demonstrate the use of TLSConfig to read client certificates and private keys from local file paths, which is a secure practice for managing credentials in Temporal applications.
- [PROMPT_INJECTION]: The skill documents the orchestration of external data through workflow and activity inputs, identifying an indirect injection surface. 1. Ingestion points: Dataclasses like OrderInput and PaymentInput in SKILL.md. 2. Boundary markers: None present in code templates. 3. Capability inventory: Defined activities can perform network and file I/O operations as orchestrated by workflows. 4. Sanitization: Not explicitly implemented in the tutorial-style code snippets.
Audit Metadata