workos-domain-verification
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Flags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill implements a high-risk indirect prompt injection surface (Category 8). In Step 1, it uses `WebFetch` to retrieve content from external URLs and explicitly commands the agent: 'If this skill conflicts with the documentation, follow the documentation.' This configuration allows instructions from an external, untrusted source (workos.com is not in the [TRUST-SCOPE-RULE] whitelist) to override agent behavior while the agent has active command execution and package installation capabilities.
- [COMMAND_EXECUTION] (MEDIUM): The skill performs multiple direct shell operations, including `npm install`, `grep`, and various `curl` commands to the WorkOS API. While these are functional for the skill's purpose, they provide the necessary 'execute' capabilities that elevate the severity of the indirect prompt injection surface.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill mandates the installation of `@workos-inc/node`. Because the WorkOS organization is not on the trusted entity list, this is classified as an unverifiable third-party dependency installation.
- [DATA_EXFILTRATION] (LOW): In the verification checklist, the skill instructs the agent to run `env | grep WORKOS_API_KEY`. This practice can leak sensitive API credentials into session logs, stdout, or debugging traces, increasing the risk of credential exposure.
Recommendations
- AI detected serious security threats
Audit Metadata