uipath-rpa-workflows
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the `uip` CLI tool to interact with UiPath Studio and manage automation projects. This includes listing Studio instances, opening projects, and managing Integration Service connections.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation and update of NuGet packages through the `uip rpa install-or-update-packages` command. These dependencies are necessary for extending the capabilities of RPA workflows.
- [REMOTE_CODE_EXECUTION]: The skill is designed to run and debug RPA workflows on the local machine using the `uip rpa run-file` command, which is a core feature for testing automations during the development process.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it reads and processes untrusted project data, such as `.xaml` files and configuration metadata, which could contain malicious instructions designed to manipulate the agent's logic.
  - Ingestion points: The skill reads project files including `project.json`, `.xaml` workflows, and local documentation folders.
  - Boundary markers: While the skill follows a structured multi-phase workflow, it does not specify explicit delimiters or "ignore instructions" warnings when processing the content of existing project files.
  - Capability inventory: The agent has the ability to read/write/edit files and execute code locally via the vendor's CLI.
  - Sanitization: There is no evidence of content sanitization for the data extracted from existing workflow files before it is processed by the AI.
Audit Metadata