workflow-init
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [External Resource Retrieval]: The skill retrieves configuration instructions and getting-started guides from
useworkflow.dev. This domain is the dedicated documentation site for the tool being installed. Fetching external documentation is a common pattern for initialization skills to ensure users receive the most up-to-date instructions. - [Indirect Instruction Surface]: By fetching and following external guides, the skill introduces a surface where instructions from the external source influence the agent's actions. This is a standard characteristic of skills that integrate with external documentation or APIs to perform setup tasks. The skill relies on the integrity of the vendor's documentation site.
- [Development Command Execution]: The skill instructs the agent to perform standard development operations such as installing dependencies with package managers and running CLI tools like
npx workflow. these operations are necessary for the skill's primary purpose of project initialization and are performed within the context of the user's development workflow.
Audit Metadata