The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill explicitly searches for and reads sensitive information from environment and configuration files.
Evidence: Instructs the agent to search .env.example and .env.test for strings like test.*email, test.*password, seed, or fixture.
Evidence: Reads .flowchad/config.yml specifically to extract credentials using cat .flowchad/config.yml 2>/dev/null | grep -A2 credentials.
[COMMAND_EXECUTION]: Executes shell commands to inspect the filesystem and file contents.
Evidence: Uses ls, find, grep, and cat to analyze codebase structure, routes, and component files.
[DATA_EXFILTRATION]: Accesses sensitive file paths, exposing their contents to the agent's reasoning context.
Evidence: Reads .env.test and .flowchad/config.yml, which commonly contain secrets or sensitive configuration data. While no external network call is present in the static instructions, this exposure allows the data to be exfiltrated in subsequent turns or via model output.
[PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection due to how it processes external data.
Ingestion points: User-provided natural language descriptions and contents of codebase files found in Step 2 (routes, components, existing flows).
Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands when reading files.
Capability inventory: File read operations (grep, cat, find) and the ability to write new files to the .flowchad/flows/ directory.
Sanitization: No sanitization, escaping, or validation of codebase content is performed before it is interpolated into the generated YAML or presented to the user.

flow-add