workflow-launchers

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a comprehensive developer reference for AEM Workflow Launchers, following Cloud Service guardrails and immutability constraints.
  • [CREDENTIALS_UNSAFE]: The documentation includes 'admin:admin' in example curl commands within 'quick-start-guide.md' and 'SKILL.md'. These are the standard default credentials for local AEM SDK development environments and are used appropriately for instructional purposes on localhost.
  • [PROMPT_INJECTION]: The skill describes an indirect prompt injection surface involving JCR event processing.
  • Ingestion points: JCR node events (NODE_ADDED, NODE_MODIFIED) matching specified glob patterns and node types in launcher configurations.
  • Boundary markers: None; filtering is handled by JCR event listener criteria.
  • Capability inventory: Triggers workflow models capable of executing Java code (WorkflowProcess), participant choosers, and script-based transition rules.
  • Sanitization: Not addressed in the architectural documentation; custom step implementations are responsible for sanitizing payload data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 05:37 PM
Security Audit — agent-trust-hub — workflow-launchers