flow-report

Fail

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a shell command to locate snapshot directories by directly interpolating the user-provided {flow-name} variable. This allows an attacker to execute arbitrary shell commands by providing a malicious flow name containing command separators like semicolons or pipes.
  • Evidence: ls -d .flowchad/snapshots/*-{flow-name} | sort -r | head -1 in Step 1.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external files and URLs, which creates a surface for indirect prompt injection attacks where data can hijack the agent's logic.
  • Ingestion points: snapshots/{latest}-{flow-name}/results.json (Step 1), flows/{flow-name}.yml (Step 5), and evidence URLs (Step 4).
  • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the processed data files.
  • Capability inventory: Shell command execution via ls and file system write access for report generation.
  • Sanitization: Absent; the skill does not specify any validation or filtering of the content read from external files before processing it.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 24, 2026, 07:48 PM
Security Audit — agent-trust-hub — flow-report