flow-next-interview

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to indirect prompt injection. It reads external content from markdown files and task descriptions, which could contain malicious instructions designed to override agent behavior.
    • Ingestion points: Reads files from user-provided paths and retrieves task data via flowctl cat.
    • Boundary markers: Absent. External content is not delimited or labeled as untrusted data.
    • Capability inventory: The skill can overwrite local files and execute bundled flowctl commands to modify the project's state.
    • Sanitization: Absent. There is no evidence of content filtering or escaping before processing external data.
  • [COMMAND_EXECUTION] (LOW): The skill executes a bundled script (flowctl) and uses jq for data processing. These operations are essential for its functionality and are restricted to local paths.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 11:59 AM