clarify-flow
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user-provided flow documentation, creating a surface for indirect prompt injection.
- Ingestion points: User-provided text or documents containing flow descriptions as described in SKILL.md.
- Boundary markers: No delimiters or safety instructions are defined to separate untrusted user data from agent instructions.
- Capability inventory: The skill performs file-write operations to user-specified paths as part of its primary function.
- Sanitization: No validation of input content or output file paths is specified in the prompt instructions.
- [COMMAND_EXECUTION]: The skill instructs the agent to perform write operations on the local file system.
- Evidence: The SKILL.md file contains instructions to 'write the optimized flow description back to the user-specified file path' after processing the input documentation.
Audit Metadata