flow-next-export-context
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill uses eval to execute output from a bundled script (flowctl). This allows dynamic command execution, which can be exploited if the script's output is compromised.
- DATA_EXFILTRATION (LOW): The skill collects repository information including git history and file contents to export it to the desktop. This is the intended behavior but involves handling and moving sensitive code data.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection as it processes untrusted repository data that could influence the agent's behavior or the external LLM's review.
  1. Ingestion points: git branch, git log, git diff, and file contents gathered in Steps 2 and 4.
  2. Boundary markers: None identified; the content is concatenated into prompts without explicit delimiters or instructions to ignore embedded commands.
  3. Capability inventory: Command execution via eval, file writes to /tmp and ~/Desktop, and use of the system open command.
  4. Sanitization: No evidence of sanitization or validation of the ingested repository content.