steedos-object-triggers

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill consists of legitimate developer documentation for the Steedos platform and its server-side automation features.
  • [COMMAND_EXECUTION]: The skill describes implementing server-side JavaScript handlers for object triggers. This is a core platform functionality and the provided examples are benign implementation patterns.
  • [PROMPT_INJECTION]: The trigger architecture involves processing untrusted record data via ctx.params.doc, presenting an indirect prompt injection surface. Evidence:
      1. Ingestion points: Data entering through record lifecycle events (SKILL.md examples).
      2. Boundary markers: None present in the handler code templates.
      3. Capability inventory: Access to the object ORM, internal service broker, database client, and axios for network requests.
      4. Sanitization: Examples demonstrate field validation logic but do not include specific sanitization for adversarial instructions within the data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 25, 2026, 10:36 AM