raisindb-workflows
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
raisindbcommand-line interface for tasks such asraisindb deploy,raisindb package validate, andnpx raisindb flow doctor. These are standard development and deployment tools for the RaisinDB platform. - [EXTERNAL_DOWNLOADS]: The skill references the
raisindbtool vianpx, which downloads and executes the package from the official npm registry. This is a standard practice for the vendor's own tooling. - [PROMPT_INJECTION]: The RaisinDB workflow engine supports variable interpolation (e.g.,
${input.quantity}or{{ steps.pick_candidates.day }}) within workflow definitions. This creates an indirect prompt injection surface if the workflow processes untrusted data that is later passed to anai_agentstep or used in a command. - Ingestion points: Flow input (
input.*), step outputs (steps.<id>.*), and trigger data inSKILL.md. - Boundary markers: None explicitly provided in the workflow templates to delimit untrusted data from instructions.
- Capability inventory: Subprocess execution via
raisindb deployand network operations via API endpoints (/api/flows/,/api/inbox/). - Sanitization: The documentation suggests using
flow doctorfor structural and logic validation, though it does not detail content-level sanitization for interpolated data.
Audit Metadata