workos-api-sso

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill establishes an attack surface by directing the agent to fetch and follow external documentation from workos.com.
      • Ingestion points: SKILL.md (Instruction to 'WebFetch the relevant docs' for implementation details).
      • Boundary markers: Absent. The agent is explicitly told to 'STOP' and fetch external content before proceeding, which encourages the agent to prioritize external instructions.
      • Capability inventory: The skill utilizes curl via subprocess to perform POST and DELETE operations on SSO connections and user profiles.
      • Sanitization: Absent. There is no instruction to validate or sanitize the data retrieved from external URLs before using it to construct API calls.
  • Command Execution (LOW): The skill provides runnable verification scripts using curl and jq. While standard for API interaction, these execute commands in the shell environment and could be misused if the parameters (like CONNECTION_ID) are manipulated by injected instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 04:50 AM