Workflow Automation Builder
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill includes hardcoded credentials in an example integration test configuration within SKILL.md: `postgresql://postgres:postgres@localhost:5432/test_db`. While intended for a local test environment, hardcoded credentials represent a security risk.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection.
  - Ingestion points: The skill reads several project configuration files (e.g., `requirements.txt`, `package.json`, `railway.json` in SKILL.md) and processes output from third-party security and quality tools.
  - Boundary markers: There are no explicit boundary markers or instructions to the agent to disregard potentially malicious instructions within these external project files.
  - Capability inventory: The generated workflows have broad capabilities, including shell command execution (`os.system` via `run`), file writing, and interacting with the GitHub API (e.g., `github.rest.issues.createComment` in SKILL.md).
  - Sanitization: No sanitization or validation of the ingested file content or tool output is performed before processing.
- [EXTERNAL_DOWNLOADS]: The implementation instructions in SKILL.md suggest downloading workflow templates from an external GitHub repository using `curl`.
- [COMMAND_EXECUTION]: The skill generates and describes the execution of various shell commands for automation, such as package installation (`pip install`, `npm install`), testing (`pytest`, `npm test`), and security scanning (`bandit`, `trivy`, `safety`).
- [DATA_EXFILTRATION]: The skill reads project configuration files to identify technologies and deployment targets, which involves local file system access.
Audit Metadata