workos-widgets
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends that users run
npx workos@latest installto set up dependencies. This command fetches the WorkOS package from the npm registry. This is a vendor-owned resource and is safe in the context of the skill's purpose. - [REMOTE_CODE_EXECUTION]: The use of
npx workos@latest installinvolves the execution of code downloaded from a remote registry. The skill correctly directs this action to the user for manual confirmation. - [COMMAND_EXECUTION]: A bundled utility script is executed via
node references/scripts/query-spec.cjsto parse the OpenAPI specification for specific widget details. This is a local execution of a script provided with the skill. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it reads and processes data from external repository files to perform stack detection.
- Ingestion points: Dependency manifests such as
package.json,Gemfile, andpyproject.toml. - Boundary markers: No specific delimiters or safety warnings are used when the agent reads these files.
- Capability inventory: The agent can execute shell commands (
node,npx) and write code. - Sanitization: There is no evidence of sanitization for the data read from project files.
Audit Metadata