inngest-steps
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill documentation provides code patterns that ingest untrusted data from external events, creating a potential surface for indirect prompt injection.
  - Ingestion points: Data from events is ingested and accessed in multiple code examples (e.g., event.data.items, event.data.userId) in SKILL.md.
  - Boundary markers: The provided examples do not demonstrate the use of delimiters or warnings to ignore instructions embedded within event data.
  - Capability inventory: The documented tools (step.run, step.sendEvent, step.invoke, step.ai) provide the ability to execute logic, call external APIs, and trigger additional workflows based on event data.
  - Sanitization: No sanitization or validation steps are included in the educational examples for handling external data.
Audit Metadata