Skills
skills/workos/skills/workos-authkit-vanilla-js/Gen Agent Trust Hub

workos-authkit-vanilla-js

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the agent to fetch a README file from a remote GitHub repository (https://github.com/workos/authkit-js/blob/main/README.md) and treat it as the 'source of truth' for implementation. While this is documentation, it is an external dependency that dictates agent behavior at runtime.
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface (Category 8).
  • Ingestion points: Untrusted data enters the agent context via the WebFetch instruction in SKILL.md (Step 1).
  • Boundary markers: Absent. No delimiters or instructions are provided to the agent to treat the fetched content as data rather than instructions.
  • Capability inventory: The agent is empowered to generate code, install packages, and configure authentication flows based on the fetched content.
  • Sanitization: Absent. There is no logic to filter or validate the contents of the README before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 20, 2026, 09:03 AM