dapr-integration
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the user to run
dapr init, which downloads and installs the Dapr runtime and sidecar binaries from the internet. While Dapr is a reputable CNCF project, these downloads occur outside of standard package managers. - [COMMAND_EXECUTION] (LOW): The skill uses the
Bashtool anddapr runto execute application services (e.g.,uvicorn). This is the intended purpose of the skill for local development orchestration. - [DATA_EXPOSURE & EXFILTRATION] (LOW): The provided YAML component configurations (e.g.,
pubsub.yaml,statestore.yaml) use insecure defaults such asauthType: "none",disableTls: "true", and emptyredisPassword. While suitable for local development, these represent a risk if used in production environments. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill implements event-driven subscribers (e.g.,
handle_task_eventinexamples.md) that process data from external Pub/Sub topics. - Ingestion points:
handle_task_eventfunction inexamples.mdreceives adictfrom the Dapr sidecar. - Boundary markers: None are implemented to distinguish between trusted data and potentially malicious instructions within the
eventpayload. - Capability inventory: The subscriber can trigger audit logging, notifications, and archiving via
log_audit,send_notification, andarchive_taskfunctions. - Sanitization: No sanitization or validation of the event payload (e.g.,
task_data) is performed before it is used in downstream logic.
Audit Metadata