workflow-automation
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill uses
npx claude-flowwhich download s and execute s code from the npm registry at runtime. The package 'claude-flow' is not associated with any truste d organization or repository provide d in the security skill policy. - [COMMAND_EXECUTION] (LOW): The skill provide s several CLI command s (create, execute, export) to be run in the system shell.
- [IN DIR EC T PR OM PT IN J E C T I O N] (LOW): The skill processe s untruste d data in the form of workflow tem p l a t e s and task string s.
- In gestion point s: Workflow Structure (YAM L) definition s and task description s.
- Boundary marker s: Absent.
- Capability inventory: Orchestrate s command execution throug h npx.
- Sanitization: None identifie d for task conten t or tem p l a t e field s.
Audit Metadata