flow-nexus-platform
Audited by Socket on Mar 1, 2026
1 alert found:
Security: This SKILL.md describes a powerful platform-management skill that legitimately needs capabilities for sandbox creation, code execution, storage, deployment, and billing. However, the described capabilities are broad and include multiple high-risk patterns: arbitrary code/shell execution via startup_script and sandbox_execute, download-execute chains (git clone, npm/pip install), direct injection of secrets into environments, publishing templates (transitive trust), and tools-enabled AI assistant autonomy. The document lacks explicit security controls (egress restrictions, package pinning, credential vaulting, explicit least privilege, and per-action human approval). While there is no embedded obfuscated malware or explicit exfiltration code in the text itself, the combination of capabilities and example usage creates significant supply-chain and data-exfiltration risk if this skill or an agent using it is compromised or used with malicious inputs. Recommend treating this skill as high-risk unless strict runtime controls are enforced: require secret vaulting, restrict network egress by default, require signed/pinned templates, human approval for autonomous actions, and content scanning of startup scripts and published templates.