claude-to-deerflow

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes curl within bash scripts (chat.sh, status.sh) to communicate with the DeerFlow Gateway and LangGraph APIs. Input handling is robust, using Python's json.dumps to escape user messages, which prevents injection into the JSON request bodies.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates network connections to the DeerFlow API. While the default configuration points to localhost, the endpoint is configurable via environment variables, supporting intended remote service integration.
  • [DATA_EXFILTRATION]: The skill includes functionality to upload local files to DeerFlow threads for analysis. This is a documented feature used for document-based research and operates over the configured API channel.
  • [PROMPT_INJECTION]: The skill acts as a bridge to another AI platform, creating an indirect prompt injection surface.
      • Ingestion points: User messages in chat.sh and SSE response data received from the DeerFlow API.
      • Boundary markers: No explicit delimiters are used in the scripts to isolate remote agent output from system instructions.
      • Capability inventory: Network communication and file uploads via curl, temporary file creation.
      • Sanitization: User input is escaped via Python JSON serialization; incoming data is processed using standard JSON parsers.
Audit Metadata
  Risk Level: SAFE
  Analyzed: May 12, 2026, 08:48 AM