scout-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill uses official vendor endpoints (
api.scoutos.com) and documentation links (docs.scoutos.com). These are documented as primary functional components. - [EXTERNAL_DOWNLOADS]: Skill instructions include the installation of
scoutospackages from PyPI and NPM. These are official SDKs from the verified vendor 'scoutos'. - [COMMAND_EXECUTION]: Includes shell scripts
test.shandtest-spawn.shdesigned to run theopenclawCLI for testing the skill's logic in local or isolated sessions. - [PROMPT_INJECTION]: Identified a surface for indirect prompt injection within the documented Scout Workflow execution API.
- Ingestion points: External data enters the workflow via the
inputsfield in thePOST /v2/workflows/{workflow_id}/executeendpoint described inSKILL.md. - Boundary markers: The provided documentation for Jinja templating does not include specific boundary markers or instructions to disregard embedded instructions.
- Capability inventory: The described workflows can execute remote language models, perform HTTP requests, run JavaScript, and interact with third-party platforms like Slack and Discord.
- Sanitization: There is no evidence of input validation or sanitization procedures in the documented examples.
Audit Metadata