render-workflows
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to install the Render CLI using a shell script fetched from a remote URL and piped directly into the shell (`curl -fsSL https://raw.githubusercontent.com/render-oss/cli/main/bin/install.sh | sh`). This is a standard installation pattern for the vendor's tooling.
- [EXTERNAL_DOWNLOADS]: The skill downloads example code, task definitions, and configuration files from the vendor's official GitHub repositories (`render-oss/sdk` and `render-examples/*`) to ensure generated code matches current API patterns.
- [COMMAND_EXECUTION]: The skill executes shell commands such as `pip show`, `grep`, and `head` to inspect the local development environment and verify the installed version of the SDK before performing scaffolding or code generation.
- [PROMPT_INJECTION]: The skill is configured to read local SDK source files and remote example files to inform its behavior. This ingestion of untrusted external content represents an indirect prompt injection surface where instructions hidden in those files could theoretically influence agent responses. The skill lacks explicit boundary markers or sanitization for this ingested data.
  - Ingestion points: SDK inspection commands in `SKILL.md` and `references/manual-scaffolding.md`; Remote example fetching in `SKILL.md`.
  - Boundary markers: Absent. The skill treats the content of these files as the source of truth for API signatures without delimiters.
  - Capability inventory: Subprocess execution (`render workflows dev`, `pip install`, `npm install`), file system reads, and network requests via the Render CLI.
  - Sanitization: Not detected.
Audit Metadata