workflow-launchers
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a comprehensive developer reference for AEM Workflow Launchers, following Cloud Service guardrails and immutability constraints.
- [CREDENTIALS_UNSAFE]: The documentation includes 'admin:admin' in example curl commands within 'quick-start-guide.md' and 'SKILL.md'. These are the standard default credentials for local AEM SDK development environments and are used appropriately for instructional purposes on localhost.
- [PROMPT_INJECTION]: The skill describes an indirect prompt injection surface involving JCR event processing.
- Ingestion points: JCR node events (NODE_ADDED, NODE_MODIFIED) matching specified glob patterns and node types in launcher configurations.
- Boundary markers: None; filtering is handled by JCR event listener criteria.
- Capability inventory: Triggers workflow models capable of executing Java code (WorkflowProcess), participant choosers, and script-based transition rules.
- Sanitization: Not addressed in the architectural documentation; custom step implementations are responsible for sanitizing payload data.
Audit Metadata