sf-flow
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: Analysis of Python scripts (doc_generator.py, validate_flow.py, simulate_flow.py) shows they perform local XML processing and validation. No network calls or unauthorized data transmission logic was found.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests user-controlled Flow XML files to generate documentation and validation reports. While the description and label fields in XML could theoretically contain instructions, the processing logic treats them strictly as text data for report generation. Ingestion point: doc_generator.py. Capability: File read/write. Sanitization: Basic XML parsing.
- [COMMAND_EXECUTION]: Lifecycle hooks in .claude/hooks.yaml invoke local Python scripts for validation. These scripts are limited to parsing XML metadata and providing diagnostic feedback to the user.