upstash-workflow-js
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [UNVERIFIABLE_DEPS]: The skill guides users to install '@upstash/workflow' and '@upstash/workflow-agents' via npm. These are verified vendor packages and follow the trusted scope for Upstash resources.
- [DYNAMIC_EXECUTION]: Examples in 'agents.md' utilize 'mathjs.evaluate' to process strings within agent tools. This involves the runtime evaluation of expressions, which is a core component of the demonstrated math tool functionality.
- [INDIRECT_PROMPT_INJECTION]: The orchestration patterns for AI agents create an attack surface for indirect prompt injection through external data ingestion.
  1. Ingestion points: Untrusted content enters the agent context via the 'prompt' parameter in 'agents.task' in 'agents.md' and the 'requestPayload' in 'basics/context.md'.
  2. Boundary markers: The code snippets do not include explicit delimiters or instructions to isolate external data from system prompts.
  3. Capability inventory: Workflows and agents are capable of executing network calls ('context.call'), running code blocks ('context.run'), and calling LLM APIs ('context.api').
  4. Sanitization: The documentation does not provide examples of input validation or sanitization before passing external data to the AI models.
Audit Metadata