flow-next-plan-review

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill contains multiple deliberate abuse patterns: it forces use of a bundled (repo-controlled) flowctl binary and evals its output (supply‑chain/remote code execution risk), explicitly requires sending full file_contents to external LLM backends (data exfiltration risk), bans asking user consent while automatically editing/spec-updating the repo (unauthorized modification/backdoor injection risk), and includes a "protected-path filter" that suppresses any recommendations to remove or ignore pipeline artifacts (appears designed to hide/persist malicious artifacts); together these indicate high intent and capability for backdoor/supply‑chain abuse and data leakage.