uipath-coded-workflows
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the
uip rpaCLI tool to automate the UiPath project lifecycle. Commands include project creation (create-project), validation of generated C# code (validate), and execution of automation workflows (run-file). It also includes shell-based scripts usingpython3for JSON processing andbunfor version discovery. - [EXTERNAL_DOWNLOADS]: The assistant facilitates the management of NuGet dependencies. It provides instructions to query official UiPath NuGet feeds hosted on Azure DevOps (
uipath.pkgs.visualstudio.com) and standard public registries to resolve and install package versions. - [DYNAMIC_EXECUTION]: A core feature of the skill is generating C# source code and metadata files at runtime based on user requirements and predefined templates. These files are then programmatically compiled and executed via UiPath Studio's runtime environment. The skill enforces a validation loop to ensure code correctness before execution.
- [INDIRECT_PROMPT_INJECTION]: The skill performs 'API Discovery' by reading existing project files, including
.csworkflows and Object Repository metadata. This ingested data is used to provide contextually accurate coding suggestions, representing a standard surface for indirect instruction processing in development tools. - [SAFE]: All identified operations are well-documented, vendor-aligned, and necessary for the primary purpose of assisting with UiPath coded workflows. The skill includes security-conscious configurations, such as default log redaction for private data and passwords.
Audit Metadata