user-flow-validator

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest data from external surfaces (Web UI, API, CLI) and process it using powerful tools including Bash and Write. This creates a surface for Indirect Prompt Injection.
      • Ingestion points: Processes data from "Web UI, CLI, API" as described in the skill's primary function in SKILL.md.
      • Boundary markers: There are no explicit instructions or delimiters defined to separate untrusted external data from the agent's internal instructions.
      • Capability inventory: The skill utilizes Bash, Read, Write, and Grep tools.
      • Sanitization: The provided scripts (main.cjs, pre-execute.cjs, post-execute.cjs) are scaffolds and do not implement any sanitization, validation, or escaping of input data.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool and provides commands to execute local Node.js scripts. While these scripts are part of the skill's own package, the combination of command execution with the processing of external data (Indirect Prompt Injection) increases the potential impact of an attack.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 04:50 PM