flows-app-review

Warn

Audited by Socket on May 7, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the skill's purpose and official GitHub source are broadly aligned, but its core logic is fetched dynamically from a remote repository and then executed/followed with Shell and Write access. This creates a meaningful supply-chain and indirect prompt-injection risk despite no clear evidence of credential theft or overtly malicious behavior.

Confidence: 84%
Severity: 62%

Audit Metadata

Analyzed At: May 7, 2026, 06:07 PM
Package URL: pkg:socket/skills-sh/cognitedata%2Fbuilder-skills%2Fflows-app-review%2F@18e2af4b8535d6ec86252350ba0d9eb4337ce9ef