flow-next-interview
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled local utility named flowctl located in the plugin's scripts directory. This tool is used to manage project state, such as glossary terms, decisions, and task descriptions. All execution is performed locally using the plugin's root environment variables.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from user arguments and local documentation files to drive an interactive interview.
  - Ingestion points: User-provided arguments ($ARGUMENTS), Flow IDs, and local markdown files (e.g., GLOSSARY.md, spec.md).
  - Boundary markers: The skill does not implement explicit boundary markers or delimiters to separate untrusted data from its core instructions.
  - Capability inventory: The skill possesses the capability to execute the bundled flowctl script and write updated content back to the local file system or the Flow management system.
  - Sanitization: No explicit sanitization or validation of the ingested data is described before it is processed or used in tool operations.
Audit Metadata