codeflow

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/install.sh script executes shell commands including git clone to download the upstream repository and open, xdg-open, or powershell.exe to launch the application in a web browser. These are standard operations for the skill's stated purpose of self-hosting the tool.\n- [EXTERNAL_DOWNLOADS]: The skill downloads the codeflow project from a public GitHub repository (braedonsaunders/codeflow) during the installation process. Per security rules, downloads from well-known services like GitHub are documented neutrally and do not contribute to verdict escalation.\n- [REMOTE_CODE_EXECUTION]: The scripts/install.sh script and references/features.md suggest running node --test on the downloaded repository content. This involves executing JavaScript code that is fetched from a remote source, which constitutes a localized execution surface for external code.\n- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes untrusted data from GitHub repositories, local folders, and PR descriptions to generate architecture maps and summaries.\n
  • Ingestion points: Untrusted data enters the context from GitHub repositories, local directories, PR URLs, and markdown/Obsidian vaults via the WebFetch tool or local file access.\n
  • Boundary markers: The skill instructions do not specify any delimiters or warnings to the agent to ignore embedded instructions within the analyzed codebase content.\n
  • Capability inventory: The skill uses Bash for installation and WebFetch for remote data retrieval. The installation script can execute shell commands and launch processes.\n
  • Sanitization: No explicit sanitization, validation, or filtering of the processed codebase content is documented; the skill relies on the heuristic analysis performed by the upstream tool.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 05:46 AM
Security Audit — agent-trust-hub — codeflow