Verification & Quality Assurance
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and run the claude-flow tool from the NPM registry. This is a standard method for utilizing CLI utilities within the ecosystem.
- [COMMAND_EXECUTION]: The skill facilitates automated code verification and version control operations through Git. These actions are aligned with the skill's stated purpose of quality assurance and reliability management.
- [DATA_EXFILTRATION]: Documentation provides examples for users to optionally export metrics to external monitoring platforms such as Datadog or custom webhooks. These are configured by the user for monitoring purposes.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests external code and task outputs for verification.
  1. Ingestion points: File contents via the --file flag and task metadata via the --task flag.
  2. Boundary markers: None explicitly defined in the CLI instructions.
  3. Capability inventory: Git rollback commands and HTTP POST requests for metrics export.
  4. Sanitization: Verification and analysis logic is handled by the external claude-flow tool.
Audit Metadata