workflow
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill uses authoritative directives (e.g., "CRITICAL", "knowledge is outdated") to instruct the AI to prioritize the provided content over its internal training. Additionally, its documentation defines a surface for indirect prompt injection through the DurableAgent implementation.
  - Ingestion points: Untrusted data enters the agent context via the userMessage parameter in the myAgentWorkflow function in SKILL.md.
  - Boundary markers: The provided code snippets do not demonstrate the use of delimiters or instructions to ignore embedded commands within user input.
  - Capability inventory: Functions utilizing the "use step" directive are granted "full Node.js access," allowing for significant system capabilities (file access, network ops) if triggered by the agent.
  - Sanitization: No input validation or sanitization logic is shown in the provided examples.
- [COMMAND_EXECUTION]: The skill describes several npx workflow CLI commands for debugging and inspecting workflow runs, which interact with the local environment and Vercel's infrastructure.
- [EXTERNAL_DOWNLOADS]: The documentation references external resources from https://useworkflow.dev and https://github.com/vercel/workflow. These are official resources from Vercel, which is a well-known technology provider and trusted organization.
Audit Metadata