flow-next-plan
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Command Execution (SAFE): The skill executes a bundled script `flowctl` and the `jq` utility to perform internal configuration checks and manage task metadata. These operations are restricted to the skill's environment and are necessary for its primary planning function.
- Data Exposure & Exfiltration (SAFE): No unauthorized file access or external data transmission patterns were detected. The skill only interacts with local project configuration files (`.flow/meta.json` and `plugin.json`) to verify setup versions.
- Indirect Prompt Injection (SAFE): The skill processes user-supplied feature requests and repository context to generate structured planning documents. Because the output is restricted to documentation files (Markdown and JSON) and does not involve direct execution of generated content or high-privilege tool calls, the risk is minimal.
Audit Metadata