automation-workflow-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): The content consists of legitimate technical documentation and code examples with no attempts to override agent behavior or bypass safety filters.
  • [Data Exposure] (SAFE): The skill correctly demonstrates the use of environment variables (process.env.SLACK_WEBHOOK_URL) for handling sensitive webhook URLs rather than hardcoding them. No attempts to access sensitive system files like SSH keys or AWS credentials were found.
  • [External Downloads] (SAFE): The mentioned services (Trigger.dev, Inngest, Upstash) and libraries (Axios, Prisma, Zustand) are reputable and standard in the industry. There are no signs of remote script execution or piped installations from untrusted sources.
  • [Indirect Prompt Injection] (LOW): The skill establishes an ingestion point for untrusted data. Evidence Chain:
      1. Ingestion points: The webhook route in 'app/api/webhook/route.ts' processes external JSON payloads.
      2. Boundary markers: No delimiters are used in the example log or fetch call.
      3. Capability inventory: The route can make network requests (fetch).
      4. Sanitization: The example does not sanitize input, which is acceptable for a basic template but noted as a surface for potential downstream injection if an LLM were to process the resulting Slack message.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:42 PM