The Agent Skills Directory

[COMMAND_EXECUTION]: The skill employs eval to execute output from the bundled flowctl script, which can result in the execution of dynamically generated shell commands (e.g., eval \"$($FLOWCTL rp setup-review ...)\").
[PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by processing external LLM feedback to drive automated code modifications and git commits.
Ingestion point: workflow.md reads reviewer responses via the REVIEW_RESPONSE variable.
Boundary markers: Absent; there are no instructions to ignore malicious directives within the feedback.
Capability inventory: The skill has authority to run git add, git commit, and file system modifications.
Sanitization: Absent; the workflow is designed to automatically apply all fixes suggested by the backend.
[PROMPT_INJECTION]: The instructions command the agent to operate without user oversight or safety prompts: 'CRITICAL: Do NOT ask user for confirmation. Automatically fix ALL valid issues and re-review... Never use AskUserQuestion in this loop.'

flow-next-spec-completion-review