sf-flow
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions do not contain any patterns typical of prompt injection, such as behavior overrides or safety bypass attempts.
- [DATA_EXFILTRATION]: No hardcoded credentials, sensitive file access, or unauthorized network operations were found in the templates or supporting scripts.
- [OBFUSCATION]: The code and documentation are transparent and do not utilize encoding or hidden characters to obscure intent.
- [REMOTE_CODE_EXECUTION]: There are no mechanisms for downloading or executing remote code. Analysis is performed locally on flow metadata files.
- [COMMAND_EXECUTION]: The provided Python scripts for documentation and validation (
doc_generator.py,validate_flow.py,simulate_flow.py) perform static analysis and do not use high-risk functions likeeval()oros.system(). - [INDIRECT_PROMPT_INJECTION]: The skill has a defined ingestion surface for user-provided Flow XML files, but it processes them safely through static analysis and template-based reporting without runtime execution of untrusted content.
Audit Metadata