flow
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `bash` to execute `sha256sum` on file paths and `echo` to resolve environment variables. Since these inputs are derived from flow artifacts generated by analyzing the codebase, there is a risk of command injection if the project files or generated metadata contain malicious shell metacharacters.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  - Ingestion points: The agent reads and parses route files and component code from the project directory to discover flows (SKILL.md).
  - Boundary markers: There are no explicit delimiters or safety instructions provided to the discoverer agent to ignore instructions embedded in the analyzed code.
  - Capability inventory: The skill can execute shell commands, write files to the local directory, and perform browser automation via Chrome MCP.
  - Sanitization: No sanitization, escaping, or validation of the codebase content is performed before processing.
Audit Metadata