flow-wizard
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it ingests data from external project files (index.mdx) to cross-reference resources and summarize flows.
- Ingestion points: The skill reads resource definitions from local directories including 'services/', 'events/', 'domains/', and 'flows/'.
- Boundary markers: No specific delimiters or safety instructions are defined to separate ingested file content from the agent's core instructions.
- Capability inventory: The agent performs filesystem read operations to discover resources and filesystem write operations to generate the final flow documentation.
- Sanitization: The skill lacks explicit sanitization or filtering logic for the content it reads from the user's catalog files before using that content in its internal reasoning or user-facing summaries.
Audit Metadata