AI Workflow Orchestrator

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). Overall: high risk — the WorkflowEngine uses eval(condition, {}, self.context), which allows arbitrary code execution when condition strings are attacker-controlled (enabling RCE/backdoor and potential data exfiltration), and webhook/task patterns could be abused if untrusted inputs are allowed; other examples (OpenAI calls, n8n/Zapier patterns) are otherwise typical integration code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests and processes external, user-generated content (e.g., Zapier's inputData.email_content in the "Zapier Custom Code Action" and arbitrary JSON from incoming webhooks in handle_zapier_webhook / handle_n8n_webhook) and passes that data to AI components, so the agent will read and interpret untrusted third-party content.