workflow-init

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill fetches framework-specific setup guides from https://useworkflow.dev/docs/getting-started/. As the author (Vercel Inc.) is a trusted entity, the risk of external content ingestion is downgraded according to the Trusted Source Rule.
  • [REMOTE_CODE_EXECUTION] (LOW): The skill directs the agent to 'follow the guide step-by-step', which includes installing dependencies and modifying project code. This effectively executes logic defined on a remote server at runtime, but is considered low risk given the trusted source and primary purpose of initialization.
  • [COMMAND_EXECUTION] (LOW): Instructions include executing npm install, npx workflow, and curl commands to configure and verify the setup. These are standard operations for a development-focused initialization skill.
  • [PROMPT_INJECTION] (LOW): The skill is subject to Indirect Prompt Injection (Category 8) due to its dependency on external data ingestion.
      • Ingestion points: Documentation URLs for Next.js, Express, Hono, etc., at useworkflow.dev.
      • Boundary markers: Absent; there are no delimiters instructing the agent to ignore instructions embedded in the documentation.
      • Capability inventory: File system writes (configuration files), package installation (npm), and arbitrary command execution (npx, curl).
      • Sanitization: Absent; the agent is explicitly told to 'follow the guide' directly.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 20, 2026, 12:09 PM