upstash-workflow-js
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a developer guide for the Upstash Workflow TypeScript SDK. All referenced libraries and services are either official Upstash products or well-known industry standard tools (e.g., OpenAI, Anthropic, LangChain, Vercel).
- [DATA_EXFILTRATION]: The SDK facilitates network operations and external API calls through
context.callandclient.trigger. The documentation consistently demonstrates the use of environment variables for managing API keys and tokens, which is a standard security practice to prevent credential exposure. - [INDIRECT_PROMPT_INJECTION]: As the skill involves orchestrating AI agents that process external data, it acknowledges the potential for untrusted input. The documentation mitigates this risk by recommending and demonstrating the use of Zod schemas for strict validation of incoming request payloads and event data.
Audit Metadata