novu-dashboard-workflows

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is entirely instructional, providing a structured framework for the agent to help users author Novu workflow steps. It defines best practices, schema requirements, and variable usage patterns for the Novu platform.
  • [CREDENTIALS_UNSAFE]: The skill manifest defines a NOVU_SECRET_KEY input of type secret. This is the recommended practice for handling API keys, ensuring they are managed by the platform's secure vault rather than being hardcoded or exposed in plaintext. No hardcoded credentials were found in the scripts or documentation.
  • [DATA_EXFILTRATION]: While the documentation describes HTTP Request steps that can interface with external APIs, this is a core feature of the Novu platform for webhooks and data fetching. The instructions do not direct the agent to exfiltrate sensitive local environment data or credentials to unauthorized endpoints.
  • [PROMPT_INJECTION]: The skill does not contain any instructions intended to override AI safety guidelines, bypass constraints, or extract system prompts. The guidance is focused on maintaining consistency and correctness in workflow definitions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 08:57 PM
Security Audit — agent-trust-hub — novu-dashboard-workflows