activepieces
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [Unverifiable Dependencies] (LOW): The documentation recommends installing @activepieces/cli via npm. Although this package is not from a predefined trusted source, it is the official CLI for the platform.
- [Indirect Prompt Injection] (LOW): The skill describes an architecture that handles untrusted data. 1. Ingestion points: Webhook triggers and loop iterations defined in README.md. 2. Boundary markers: Absent in provided snippets. 3. Capability inventory: Workflow engine supports TypeScript execution (CODE steps) and Docker-based deployments. 4. Sanitization: No sanitization logic is presented in the quick reference guide.
- [Dynamic Execution] (LOW): The platform explicitly uses runtime execution of TypeScript code snippets to provide automation functionality as a core feature.
Audit Metadata