flow-next-opencode-interview

SUSPICIOUS: the skill’s purpose and local file/task-writing behavior are coherent, and no credential harvesting or external exfiltration is shown. However, it depends on executing a bundled local `flowctl` binary with unverified provenance, which alone makes the security risk high under the mandatory override.