flow-next-prime
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill's 'Verification' phase explicitly executes test and build commands found within the target repository to verify they work. If a repository contains malicious instructions in its build or test scripts (e.g., in `package.json` or `Makefile`), the agent will execute them with the user's local permissions.
- DATA_EXFILTRATION (MEDIUM): The 'env-scout' component and Pillar 5 checks specifically target `.env` and environment variable configurations. While intended for documenting requirements, this capability allows the agent to read and potentially expose sensitive secrets contained in local environment files.
- EXTERNAL_DOWNLOADS (LOW): The remediation templates suggest adding pre-commit hooks that download and execute code from external GitHub repositories, such as `astral-sh/ruff-pre-commit` and `pre-commit/pre-commit-hooks`. While these are common dev tools, they introduce external dependencies into the user's project.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted repository data (README, CLAUDE.md, and source code) to generate its maturity reports.
  - Ingestion points: Local file system reads of repository root and subdirectories.
  - Boundary markers: Not explicitly defined; the scouts ingest content directly.
  - Capability inventory: File writing, execution of project commands, and `gh api` calls for GitHub setting verification.
  - Sanitization: None detected for the data processed during assessment.
Audit Metadata