flow-next-opencode-work

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a bundled binary flowctl (located at .opencode/bin/flowctl) to manage task states and project configuration. This tool is a vendor-provided resource used for the skill's primary function.
  • [COMMAND_EXECUTION]: Executes standard git operations for branch creation, staging changes, and committing code. It specifically uses git add -A to ensure all task tracking metadata is included in commits.
  • [PROMPT_INJECTION]: The skill is designed to follow instructions found in external markdown specification files or idea text. This creates a surface for indirect prompt injection where instructions in the data could influence agent behavior.
    • Ingestion points: Markdown files (.md) and text provided in the skill arguments ($ARGUMENTS).
    • Boundary markers: None; the skill is explicitly instructed to treat the specifications as the source of truth and follow them exactly.
    • Capability inventory: File system access, execution of the bundled flowctl binary, and git commands.
    • Sanitization: No input sanitization is performed on the provided specification content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 09:07 AM