temporal-io
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Full Analysis
- [DATA_EXFILTRATION] (SAFE): Network interactions in examples are restricted to localhost or placeholder domains. No unauthorized exfiltration logic was identified. An automated scanner alert for 'activity.logger.info' was confirmed as a false positive where a Python method path was mistaken for a URL.
- [CREDENTIALS_UNSAFE] (SAFE): The templates load certificates from files and explicitly advise against passing secrets in workflow arguments, following industry standard security practices.
- [COMMAND_EXECUTION] (SAFE): No arbitrary command execution patterns or dangerous subprocess calls were detected.
- [REMOTE_CODE_EXECUTION] (SAFE): All dependencies (temporalio, httpx) are trusted industry standards, and no remote script execution or untrusted downloads were found.
- [INDIRECT_PROMPT_INJECTION] (LOW): While the skill is designed to handle external data through workflow inputs and signals, it provides comprehensive checklists and best practices for sanitization, boundary marking, and validation to mitigate injection risks.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata