aem-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Flags: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: Hardcoded default credentials (admin:admin) are utilized in command-line examples illustrating the use of the AEM Workflow REST API.
  - Evidence: Examples found in workflow-triggering/SKILL.md, workflow-triggering/references/workflow-triggering/triggering-mechanisms.md, and workflow-orchestrator/references/workflow-foundation/quick-start-guide.md.
- [DYNAMIC_EXECUTION]: The Granite Workflow Engine evaluates ECMA (JavaScript) script strings at runtime for transition rules and loop-back logic.
  - Evidence: Patterns documented in workflow-model-design/references/workflow-model-design/step-types-catalog.md and workflow-model-design/references/workflow-model-design/model-design-patterns.md.
- [INDIRECT_PROMPT_INJECTION]: The skill implements Java components and scripts that ingest and process potentially untrusted data from the JCR repository (such as payloads and metadata) without explicit sanitization guidance.
  - Ingestion points: Payload paths and MetaDataMap properties accessed within WorkflowProcess and ParticipantStepChooser implementations (e.g., in workflow-development/SKILL.md).
  - Boundary markers: Absent in the provided Java and XML templates.
  - Capability inventory: The skill provides capabilities for JCR write operations, workflow lifecycle management (start/stop/complete), and script execution.
  - Sanitization: No input validation or content sanitization logic is demonstrated in the provided code templates.
Audit Metadata