skills/khgs2411/flow/flow-initializer/Gen Agent Trust Hub

flow-initializer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • PROMPT_INJECTION (LOW): The migration workflow in Path 2 exposes the agent to indirect prompt injection.
      1. Ingestion points: The skill reads local project documentation like PRD.md, TODO.md, and PLAN.md from the file system.
      2. Boundary markers: No specific delimiters or safety instructions are defined to separate user data from system instructions during processing.
      3. Capability inventory: The skill has the authority to create and modify the .flow/ directory and its contents.
      4. Sanitization: There is no evidence of sanitization or filtering logic applied to source documents before they are analyzed for project structure conversion.
  • COMMAND_EXECUTION (LOW): The documentation mentions using system-level variables for timestamped backups (e.g., $(date +%Y-%m-%d-%H%M%S)). This implies the skill relies on shell execution for file management tasks, which represents a capability for running local system commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:35 PM