flow-next-work

The file itself is not overtly malicious, but it mandates running a repository-bundled flowctl script and staging all files with git add -A — together these create a high-risk trust boundary. The primary threat is that an untrusted or malicious flowctl could read the repo (including secrets), commit unwanted changes, or exfiltrate data to configured review backends. Before using this skill, audit the bundled ${CLAUDE_PLUGIN_ROOT}/scripts/flowctl and verify review-backend behaviors and endpoints; prefer running in an isolated worktree and ensure sensitive files are excluded or redacted.