scout-workflow

Warn

Audited by Socket on Feb 26, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill/documentation appears to be a legitimate interface for managing Scout workflows. The capabilities described (workflow execution, streaming, JS execution, HTTP blocks, and third-party integrations) align with the stated purpose. However, these same capabilities present moderate security risks if misused or if credentials/configurations are exposed: arbitrary JavaScript execution and HTTP request blocks are effective vectors for data exfiltration; third-party integration blocks expand the number of external sinks; automated actions (posting, sending SMS, creating records) can have real-world impact if run without appropriate authorization. No explicit malicious code, download-and-execute instructions, or obfuscated payloads are present in the supplied text. Recommend enforcing least-privilege credentials, using short-lived tokens, auditing workflow revisions before deploy, restricting/sandboxing Execute JavaScript blocks, and requiring explicit approval for actions that interact with external services.

Confidence: 75%
Severity: 75%

Audit Metadata
Analyzed At: Feb 26, 2026, 01:35 PM
Package URL: pkg:socket/skills-sh/scoutos%2Fscout-skills%2Fscout-workflow%2F@71badb8d070af7a3cb8f291dc4b3a71440106ded