workos-feature-flags
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill instructs the agent to execute grep on environment files (.env) to check for secrets like WORKOS_API_KEY. This command prints the secrets to the standard output, exposing them to the agent's history and potential logs.
- [PROMPT_INJECTION] (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8). Evidence: 1. Ingestion: External documentation URLs (workos.com) are fetched as the primary source of truth. 2. Boundary markers: None. 3. Capability inventory: The skill can execute shell commands and modify code. 4. Sanitization: None. This allows an attacker who controls the external docs to potentially influence the agent to execute malicious commands.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Documentation is fetched from workos.com, which is not a pre-approved trusted source for automated instruction following.
- [COMMAND_EXECUTION] (MEDIUM): The skill performs shell-based environment validation and package installation (npm, yarn, pnpm) which could be exploited if combined with injection vectors.
Recommendations
- AI detected serious security threats
Audit Metadata