Skills
skills/gmickel/flow-next-opencode/flow-next-opencode-rp-explorer/Gen Agent Trust Hub

flow-next-opencode-rp-explorer

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the rp-cli command-line tool to perform codebase analysis tasks. Examples include executing rp-cli -e 'tree', rp-cli -e 'structure .', and rp-cli -e 'read <path>'. These commands run locally to facilitate the agent's exploration of the project.
  • [PROMPT_INJECTION]: The skill operates on content retrieved from the local codebase, which presents a surface for indirect prompt injection if the files being read contain malicious instructions targeted at the agent.
  • Ingestion points: The agent ingests untrusted data from the filesystem using commands like rp-cli -e 'read <file>' and rp-cli -e 'search <pattern>' (documented in SKILL.md and cli-reference.md).
  • Boundary markers: The instructions do not define any delimiters or system-level instructions to ignore potential commands embedded within the code being analyzed.
  • Capability inventory: The skill allows the agent to read any file in the workspace and write aggregated context to local markdown files (e.g., rp-cli -e 'context --all > codebase-map.md'), combining read and write capabilities.
  • Sanitization: There is no mention of sanitizing or validating the contents of the files before they are processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 09:07 AM