Skills
skills/novuhq/skills/novu-design-workflow/Gen Agent Trust Hub

novu-design-workflow

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides technical documentation and design patterns for notification workflows. No malicious patterns, such as unauthorized command execution, credential harvesting, or multi-layer obfuscation, were detected.- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it describes processing untrusted payload data within workflow steps.
  • Ingestion points: Untrusted event data enters the context via payload.* variables (e.g., payload.webhookUrl, payload.userId) documented in references/workflow-templates.md and references/step-conditions.md.
  • Boundary markers: No specific delimiters or "ignore instructions" markers are defined for the interpolated payload data.
  • Capability inventory: The workflow design includes the capability to perform network operations through HTTP Request steps (step.http), as seen in Templates 8 and 9.
  • Sanitization: The documentation does not specify server-side validation or sanitization for these user-defined payload variables, relying on the platform's default handling.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 03:50 PM