flow-next-setup
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill templates instruct the agent to execute a local binary located at .flow/bin/flowctl. This binary originates from an untrusted third-party source (github.com/gmickel), presenting a risk of arbitrary code execution.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references external code and documentation from a GitHub repository not included in the trusted source list.
- [PROMPT_INJECTION] (LOW): The skill injects instructions into project documentation (CLAUDE.md) that compel the agent to prioritize the unverified flowctl tool for all task management, creating a dependency on external tool outputs. Evidence Chain for Indirect Prompt Injection:
  1. Ingestion points: templates/claude-md-snippet.md (targeting CLAUDE.md).
  2. Boundary markers: Absent.
  3. Capability inventory: Local command execution via the flowctl binary.
  4. Sanitization: Absent.