flow-next-opencode-impl-review

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes numerous shell commands, including git for branch and diff management, jq for JSON parsing, and specialized CLIs (rp-cli, flowctl) for review backend interaction.
  • [COMMAND_EXECUTION]: Uses eval to execute the output of the bundled flowctl utility. This is employed to dynamically capture and set environment variables (such as window and tab IDs) required to maintain session state across the review workflow.
  • [DATA_EXFILTRATION]: Accesses and reads repository data, including branch names, commit history, and code diffs, which are transmitted to external services (OpenCode and RepoPrompt) for the purpose of performing the review.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing untrusted data from git diffs and utilizing feedback from external LLM backends to drive an automated code-fixing loop.
      • Ingestion points: Git diffs, commit logs, and feedback strings returned by the review backends (flowctl opencode or flowctl rp outputs).
      • Boundary markers: The instructions define specific focus areas (Correctness, Simplicity, etc.) but do not implement strict isolation or delimiting of the ingested diff content.
      • Capability inventory: The agent can write to files (cat >), commit changes to the git repository, and execute shell commands and bundled binaries.
      • Sanitization: No explicit sanitization or validation of the code diffs or external feedback is performed prior to processing and action.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 09:07 AM