flows-app-review

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses the GitHub CLI (gh api) to fetch instructional content and command definitions from the author's repository (cognitedata/dune-app-reviews).
  • [REMOTE_CODE_EXECUTION]: Instructions direct the agent to retrieve and "follow exactly" the logic and commands defined in a remote file. The content is fetched via API and decoded from Base64 before execution, which allows for dynamic modification of the skill's behavior from an external source.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its core function of auditing untrusted local code.
    • Ingestion points: The agent reads React and TypeScript source files from the user's local workspace (SKILL.md).
    • Boundary markers: No delimiters or isolation instructions are provided to distinguish between the skill's logic and the content of the files being reviewed.
    • Capability inventory: The skill possesses significant capabilities including Shell, Write, Read, Glob, and Grep, which could be abused if malicious instructions are present in the analyzed source code.
    • Sanitization: There is no evidence of sanitization or filtering of the local code content before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 06:06 PM