workos-widgets
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a local utility script (
node references/scripts/query-spec.cjs) to retrieve API schema information from a bundled OpenAPI specification file. This is a local documentation lookup tool used by the agent to ensure API compatibility. - [EXTERNAL_DOWNLOADS]: Recommends the installation of official WorkOS packages and SDKs (e.g.,
workos,workos-go,workos-java) from trusted package registries. These are legitimate resources required for the skill's primary integration purpose. - [DATA_EXPOSURE]: The skill correctly instructs the agent to manage sensitive credentials like
WORKOS_API_KEYusing environment variables, which is a standard and secure practice for handling authentication secrets.
Audit Metadata