workos-pipes

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill mandates fetching external documentation and explicitly states it is the 'source of truth' that overrides the skill's own instructions. This creates a high-risk ingestion surface for indirect prompt injection.
      • Ingestion points: https://workos.com/docs/pipes/providers and https://workos.com/docs/pipes/index.
      • Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands in the fetched data.
      • Capability inventory: The skill has access to environment variables and can execute shell commands via env, echo, and node -e.
      • Sanitization: Absent. Fetched content is not filtered before being adopted as the 'source of truth'.
  • CREDENTIALS_UNSAFE (HIGH): The verification checklist in SKILL.md includes commands (env | grep WORKOS_API_KEY and echo $WORKOS_API_KEY) that print sensitive secret keys (prefixed with sk_) to the terminal. This practice exposes production secrets in shell history and logs.
  • COMMAND_EXECUTION (MEDIUM): The skill uses node -e to execute a block of JavaScript code for SDK verification. While intended for a health check, executing dynamic strings in the shell increases the attack surface for potential code injection.
  • EXTERNAL_DOWNLOADS (LOW): The skill downloads content from workos.com. Per [TRUST-SCOPE-RULE], because the workos organization is a trusted source, the download finding itself is downgraded to LOW/INFO, even though the logic influence remains high.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:16 AM