
Week 14 — AI Build Studio · "A Safe Cross-App Workflow"

Using Artificial Intelligence · AI 101 Fall 2026 · Prof. Quinn Fictional sample

Course: Using Artificial Intelligence (AI 101) · Silver Oak University (fictional sample) · Prof. Quinn
Objective: Objective 6 — design and evaluate a multi-step cross-app workflow using agentic tools safely (approvals; link safety; never-move-money) · SLO A (produce high-quality results through agentic workflows) · SLO B (evaluate AI safely and ethically)
Worth 50 points · AI Build Studios group = 15% of the grade · Studio 14
Format: a hands-on build — you'll design a real cross-app workflow spanning two surfaces, implement or simulate it with approval checkpoints, catch and document the safety risks, and critique both the AI's plan and your own design.

This is the course's signature weekly component. Every instructional week has one Studio — a real thing to build, a required step where you verify and critique the AI's work, and a short reflection. All resources are verified external links.


Part 1 — The Build Goal

By the end of this Studio you'll have produced three things:
1. A documented workflow design: a two-surface cross-app workflow with at least two explicit approval checkpoints.
2. A safety audit: a written identification of the prompt-injection risk, over-broad permission risks, and any steps that involve irreversible actions.
3. A verified and improved plan: the workflow after you've caught what the AI's first draft got wrong and fixed it.

This is the capstone Studio for the agentic weeks — every safe-use principle from Weeks 11–14 comes together here: project setup, scheduled tasks, skills and connectors, and now cross-app control. Think of this Studio as a proof-of-concept for your Week 16 capstone.


Part 2 — Choose Your Two-Surface Workflow

Pick a realistic task from your own life, major, or career field that would genuinely benefit from chaining two of these tools:

  • Claude in Chrome (browser navigation, clicking, form-filling on web pages) paired with Claude in Cowork (generating a document, report, or summary from the gathered data)
  • Claude in Chrome paired with Claude in Excel (reading data from the web and organizing it into a workbook)
  • Computer use (controlling a native desktop app) paired with Claude in Cowork (producing a document or formatted output)

Examples of strong workflow choices:
- Gather pricing data from three competitor websites → organize into an Excel comparison table with a summary
- Read the headlines from three research news sites → produce a formatted weekly digest document
- Collect job listings from two job sites → build a ranked tracker spreadsheet with application status columns
- Read a public dataset page → extract key figures → produce a one-page summary document

Avoid financial accounts, banking, investment platforms, and anything involving purchasing or money movement. Those are explicitly outside safe-use scope, even for a simulation: the goal is to learn why they're off-limits, not to try them.

Write your workflow goal here (fill in before starting): I want to use [Tool 1] to _, then [Tool 2] to _.


Part 3 — Step 1: Ask the AI to Draft a Workflow Plan

Open Claude Cowork (at claude.com/download) if you have access, or any approved AI assistant — ChatGPT, Claude, Gemini, or Copilot (free versions work for planning).

Send this prompt (adapt to your chosen task):

"I want to design a two-step cross-app workflow using Claude in Chrome and Claude in Excel (or Cowork). The task is: [your workflow goal]. Please design the workflow step by step, naming which tool handles each step, what exactly it does, and where I should place approval checkpoints. Also flag any safety risks I should be aware of."

Save the AI's first draft workflow plan. This is your starting point — and the thing you are about to audit.

Official resources: Claude in Chrome is documented at https://claude.com/claude-for-chrome (confirmed available in beta on all paid plans — verified 2026-06-29). Claude in Excel is documented in the Anthropic release notes at https://support.claude.com/en/articles/12138966-release-notes (sidebar inside Excel; beta on Max/Team/Enterprise — verified 2026-06-29). The safe-use guidelines are at https://support.claude.com/en/articles/12902428-using-claude-for-chrome-safely.


Part 4 — Step 2: Run or Simulate the Workflow (where possible)

If you have access to Claude Cowork and Claude in Chrome (paid plan):
- Run Steps 1 and 2 of your workflow with explicit approval checkpoints: pause before each action and confirm what Claude is about to do before it proceeds.
- Screenshot or save evidence of the approval moment (a description of what you reviewed and approved is sufficient if screenshots aren't available).
- Note any behavior that surprises you — unexpected site navigation, unexpected content read, anything the agent does that you didn't explicitly authorize.

If you are on a free plan or don't have Cowork installed:
- Write a detailed simulation: describe exactly what each tool would do at each step, what you would see, and what you would review at the approval checkpoint — as if you were running it in real time.
- The rubric awards full simulation credit for detail and accuracy, not for having the paid plan.

Either way, your deliverable is a step-by-step account of the workflow, with the approval checkpoint moments documented.


Part 5 — The Safety Audit (required — this is the critique step)

Now audit your workflow systematically. For each of the following, write 2–3 sentences:

A. Prompt-injection risk. Where in your workflow does Claude read content from the open web? What type of page is it? Could a bad actor plausibly inject hidden instructions into that content? What's your defense?

B. Over-broad permissions. Are there any permissions you would need to grant that go further than necessary for this specific task? What is the minimum-permission version of this workflow?

C. Irreversible actions. Does any step in your workflow take an action that cannot be undone (submitting a form, sending data, creating a permanent file)? Which step? Where is your approval checkpoint before it?

D. The AI's plan vs. reality. Look back at the AI's first draft workflow plan (from Part 3). Did it:
- Accurately describe the approval-checkpoint locations, or did it skip them?
- Claim any feature or capability you can't confirm from official documentation (verify at support.claude.com)?
- Propose any step involving financial accounts, purchasing, or money movement? (If so — that should not be in the plan.)
- Overstate the tool's safety or call a safeguard a "guarantee"?

Write up at least two things the AI's draft got wrong, over-claimed, or failed to warn you about — and how you would fix the plan. (Common catches: the AI may draft a plan without approval checkpoints; it may describe a feature with more certainty than the official docs support; it may not warn about prompt injection; it may propose auto-approving all sites.)


Part 6 — The Money Rule Check (required)

Write one paragraph (3–5 sentences) answering: "Could this workflow be adapted to handle a financial task — paying a bill, purchasing something, checking a bank balance? What would happen if you tried? And what is your personal rule for financial actions with AI agents?"

Your answer should demonstrate that you understand the rule is absolute and why: prompt-injection risk makes financial actions in a browser agent a hard prohibition (not a guideline), and the official Anthropic usage policy confirms this. Financial sites are blocked by default. You handle money yourself.
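
The audit questions in Part 5 (B–D) and the money rule above can be written as a repeatable check on a workflow plan. This is an added example, not part of the original assignment and not an Anthropic tool; the Step fields, the keyword set, and the .example hosts are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, replace
from urllib.parse import urlparse

# Constructed keyword set for this example; a crude heuristic, not an official blocklist.
MONEY_WORDS = {"bank", "banking", "pay", "payment", "purchase", "buy", "checkout", "invest"}

@dataclass
class Step:
    tool: str                   # surface that performs the step
    action: str                 # plain-language description of the step
    url: str = ""               # page the agent reads, if any
    irreversible: bool = False  # submits a form, sends data, or creates a permanent file
    checkpoint: bool = False    # a human reviews and approves before this step runs

def audit_plan(steps, allowed_hosts):
    """Return a list of findings; an empty list means the plan passes these checks."""
    findings = []
    if len({s.tool for s in steps}) < 2:
        findings.append("plan does not span two surfaces")
    if sum(s.checkpoint for s in steps) < 2:
        findings.append("fewer than two approval checkpoints")
    for n, s in enumerate(steps, 1):
        host = urlparse(s.url).hostname or ""
        words = set(re.findall(r"[a-z]+", f"{s.action} {host}".lower()))
        if words & MONEY_WORDS:
            findings.append(f"step {n}: financial action or site (never-move-money)")
        if s.url and host not in allowed_hosts:
            findings.append(f"step {n}: {host} is not an approved host")
        if s.url and not s.checkpoint:
            findings.append(f"step {n}: reads web content with no approval checkpoint")
        if s.irreversible and not s.checkpoint:
            findings.append(f"step {n}: irreversible action with no approval checkpoint")
    return findings

# Constructed sample: an AI first draft with no checkpoints, then the corrected plan.
ALLOWED = {"company-a.example", "company-b.example"}
DRAFT = [
    Step("Claude in Chrome", "Read revenue figures", "https://company-a.example/earnings"),
    Step("Claude in Chrome", "Read revenue figures", "https://company-b.example/earnings"),
    Step("Claude in Excel", "Build the comparison table and save it", irreversible=True),
]
FIXED = [replace(s, checkpoint=True) for s in DRAFT]

if __name__ == "__main__":
    for finding in audit_plan(DRAFT, ALLOWED):
        print("DRAFT:", finding)
    print("FIXED findings:", audit_plan(FIXED, ALLOWED))
```

A passing result only means the plan has the required structure; it does not show that the pages the agent reads are free of injected instructions, which is why the human review at each checkpoint still matters.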


Part 7 — Reflection (2–3 sentences)

What surprised you most about designing this workflow — about where the approval checkpoints needed to go, or about what the AI's first draft missed? What will you design differently when you build your capstone workflow in Week 16?


Part 8 — What to Submit

Submit a single document (or text entry) with:
- Your workflow goal (Part 2) and the AI's first draft workflow plan (Part 3, saved verbatim)
- Your Step 2 run or simulation (Part 4) — step by step with approval checkpoint moments documented
- Your Safety Audit (Part 5, all four sections A–D) — including at least two specific things you caught in the AI's draft
- Your Money Rule Check (Part 6)
- Your Part 7 reflection

Due Sunday, Dec 6, 11:59 p.m. (50 points).


Instructor answer key & model deliverable — REMOVE BEFORE PUBLISHING TO STUDENTS

Students use their own workflow goals, so deliverables vary. Grade the process (design quality, audit depth, catches from the AI's draft, safety-rule accuracy), not a specific workflow. The model below shows what full credit looks like.

Model deliverable (illustrative):
- Workflow goal: use Claude in Chrome to gather weekly revenue figures from three public company earnings pages → use Claude in Excel to build a comparison table and a one-paragraph trend summary.
- AI's first draft: a three-step plan naming Chrome for web navigation and Excel for output. AI's draft issues: (1) the draft did not include any approval checkpoints — it described the steps as if they would run fully automatically; (2) the draft said the workflow is "completely safe" for any website, which overstates the safety guarantee; (3) the draft did not mention prompt injection at all.
- Run/Simulation: Step 1 — Claude in Chrome navigates to Company A's earnings page; approval checkpoint: I reviewed the URL and the page before Chrome reads it; I confirmed no unusual behavior. Step 2 — Chrome gathers two more pages; approval checkpoint: same review each time. Step 3 — Excel sidebar receives the data and builds the table; approval checkpoint: I reviewed the table for accuracy before saving.
- Safety Audit — A (injection): Chrome reads public earnings pages — plausibly safe (official SEC-hosted pages are lower-risk than user-generated content), but I would still watch for unexpected behavior. Defense: approve each URL, watch for Chrome visiting any unrelated site. B (permissions): I would grant Chrome only the ability to read these specific pages, not to fill forms or click submit buttons. C (irreversible): no irreversible action in this workflow — all steps are read-only except the Excel file creation. Approval checkpoint before saving final file anyway. D (AI's draft issues): the AI omitted approval checkpoints entirely (fix: add them at each URL confirmation and before saving); the AI said "completely safe" (fix: describe it as "lower-risk with proper approvals, but not zero-risk").
- Money Rule Check: This workflow could theoretically be adapted to read a bank balance page — but (1) financial sites are blocked by default in Claude in Chrome; (2) even "reading" creates a live session that could be exploited; (3) the official policy prohibits financial account access by an agent. My rule: I perform any financial action myself, regardless of how convenient an agent would be.
- Reflection: The biggest surprise was that the AI's first draft plan had no approval checkpoints at all — it just described the steps as a smooth automation. That's the gap between a technically-correct-sounding description and a safely-designed workflow. For the capstone I'll start with the approval checkpoints and build the steps around them, not the other way around.

Why the safety audit can't be faked: a student who generates a workflow plan and pastes it with no audit earns the low end of the safety-audit row. The rubric rewards catching the AI's specific oversights, reasoning about which steps are irreversible, and demonstrating personal command of the safe-use rules — not the AI's prose.

Grading rubric — 50 points

| Criterion (points) | Full | Partial | None |
| --- | --- | --- | --- |
| Workflow design quality — two surfaces named correctly, steps are logically sequenced, goal is realistic and appropriate (not financial) (8) | 8 | 4–6 | 0–3 |
| Approval checkpoints — at least two explicit checkpoints documented, with what you reviewed before approving (10) | 10 | 5–8 | 0–4 |
| Safety audit, sections A–C — each section answered specifically (not generically); prompt injection, permissions, and irreversible actions addressed accurately (12) | 12 | 6–9 | 0–5 |
| AI-critique step (Section D) — at least two specific things the AI's draft got wrong, over-claimed, or omitted; fixes proposed (12) | 12 | 6–9 | 0–5 |
| Money rule check — clearly states the absolute rule, explains why (injection risk + policy), and applies it to this workflow (5) | 5 | 3 | 0–2 |
| Reflection — a genuine insight about workflow design or what the AI missed, applied to future work (3) | 3 | 2 | 0–1 |

Product-accuracy gate: PASS. All tool and feature claims are verified against official Anthropic documentation:
- Claude in Chrome (beta on all paid plans, navigate/click/fill forms): https://claude.com/claude-for-chrome — verified live 2026-06-29
- Prompt injection risk and "not a security boundary": https://support.claude.com/en/articles/12902428-using-claude-for-chrome-safely — verified live 2026-06-29
- Financial site blocking and agent usage policy: https://support.claude.com/en/articles/12005017-using-agents-according-to-our-usage-policy — verified live 2026-06-29
- Claude in Excel (sidebar inside Excel, pivot tables, beta on Max/Team/Enterprise): release notes, Nov 2025 + Feb 2026 entries at https://support.claude.com/en/articles/12138966-release-notes — verified live 2026-06-29
- Computer use (research preview for Pro/Max via Cowork): March 2026 release notes, same page — verified live 2026-06-29
- No invented features, menu paths, or plan tiers. Availability described conservatively as "beta on [plan tier]" matching the official docs; "research preview" for computer use matches the March 2026 release note language.

~ Prof. Quinn's edition · Fall 2026 · built with thecoursemaker.com