novu-dashboard-workflows
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely instructional, providing a structured framework for the agent to help users author Novu workflow steps. It defines best practices, schema requirements, and variable usage patterns for the Novu platform.
- [CREDENTIALS_UNSAFE]: The skill manifest defines a
NOVU_SECRET_KEYinput of typesecret. This is the recommended practice for handling API keys, ensuring they are managed by the platform's secure vault rather than being hardcoded or exposed in plaintext. No hardcoded credentials were found in the scripts or documentation. - [DATA_EXFILTRATION]: While the documentation describes
HTTP Requeststeps that can interface with external APIs, this is a core feature of the Novu platform for webhooks and data fetching. The instructions do not direct the agent to exfiltrate sensitive local environment data or credentials to unauthorized endpoints. - [PROMPT_INJECTION]: The skill does not contain any instructions intended to override AI safety guidelines, bypass constraints, or extract system prompts. The guidance is focused on maintaining consistency and correctness in workflow definitions.
Audit Metadata