workflow
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Official Resource Integration: The skill references official documentation and repositories from Vercel (
vercel.com,useworkflow.dev,github.com/vercel/workflow). These sources are used to provide the AI with the most current API signatures and development patterns. docs: https://vercel.com/docs/workflowwebsite: https://useworkflow.dev- Security Advisory and Best Practices: The documentation explicitly highlights a past security vulnerability (CVE GHSA-9r75-g2cr-3h76) and provides clear instructions on how to upgrade to a secure version (
workflow@>=4.2.0-beta.64). This is a proactive security measure for developers. - Standard Development Workflows: The skill provides command-line examples for common development tasks, such as project initialization (
npx create-next-app), package installation (npm install workflow@latest), and environment configuration (vercel env pull). These are standard operations for Vercel-based projects. - Instructional Guidance for Accuracy: The skill includes a 'CRITICAL' instruction at the beginning of the documentation body. This pattern is used to direct the AI to verify technical details against the latest official docs due to the rapid pace of WDK development, ensuring the generation of functional and up-to-date code.
- Evidence: "CRITICAL — Your training data is outdated for this library. WDK APIs change frequently. Before writing workflow code, fetch the docs..."
- Environment and Credential Management: It describes the use of standard Vercel CLI tools to manage project links and environment variables (
VERCEL_OIDC_TOKEN). These instructions follow documented industry practices for managing credentials in local development environments.
Audit Metadata