flow-next-plan-review

Warn

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: MEDIUM; COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses eval to execute shell commands dynamically generated by the bundled flowctl script, introducing the risks associated with runtime code execution.
  • [PROMPT_INJECTION]: Contains explicit instructions to suppress standard human-in-the-loop safety protocols, directing the agent to 'Automatically fix ALL valid issues' and 'Never use AskUserQuestion' during iterative cycles.
  • [DATA_EXFILTRATION]: Aggregates content from local repository files, including specifications and source code, and transmits this data to external review services (Codex and RepoPrompt).
  • [COMMAND_EXECUTION]: Employs shell utilities like grep and paste to parse file content and dynamically assemble file lists used as arguments in subsequent shell commands, an approach that can be vulnerable to command injection if file metadata is manipulated.
  • [DATA_EXFILTRATION]: Temporarily stores unencrypted plan information and review prompts in the /tmp directory, potentially exposing project data to other users or processes on the system.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 25, 2026, 02:41 AM