raisindb-workflows

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the raisindb command-line interface for tasks such as raisindb deploy, raisindb package validate, and npx raisindb flow doctor. These are standard development and deployment tools for the RaisinDB platform.
  • [EXTERNAL_DOWNLOADS]: The skill references the raisindb tool via npx, which downloads and executes the package from the official npm registry. This is a standard practice for the vendor's own tooling.
  • [PROMPT_INJECTION]: The RaisinDB workflow engine supports variable interpolation (e.g., ${input.quantity} or {{ steps.pick_candidates.day }}) within workflow definitions. This creates an indirect prompt injection surface if the workflow processes untrusted data that is later passed to an ai_agent step or used in a command.
  • Ingestion points: Flow input (input.*), step outputs (steps.<id>.*), and trigger data in SKILL.md.
  • Boundary markers: None explicitly provided in the workflow templates to delimit untrusted data from instructions.
  • Capability inventory: Subprocess execution via raisindb deploy and network operations via API endpoints (/api/flows/, /api/inbox/).
  • Sanitization: The documentation suggests using flow doctor for structural and logic validation, though it does not detail content-level sanitization for interpolated data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 02:59 PM
Security Audit — agent-trust-hub — raisindb-workflows