flow
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's documented operations are transparent and align with its stated purpose of assisting in web application testing and route discovery.
- [COMMAND_EXECUTION]: The skill utilizes shell commands like `sha256sum` to detect file changes and `echo` to resolve environment variables required for automated form filling. These operations are limited to local environment auditing and the preparation of test data, which is standard behavior for a testing utility.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8) because it ingests and processes untrusted data from the user's codebase to generate test flows.
  - Ingestion points: Application route files and source code components (identified in SKILL.md under framework detection logic).
  - Boundary markers: No explicit boundary markers or 'ignore' instructions are used when passing code segments to the `flow-discoverer` agent.
  - Capability inventory: The skill has access to browser automation tools (`mcp__claude-in-chrome__*`), file write operations for documentation, and the ability to dispatch sub-agents.
  - Sanitization: There is no evidence of sanitization or escaping of the ingested code content before it is processed by the agent.
Audit Metadata