flow-next-setup

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The setup workflow involves executing multiple shell commands such as mkdir -p, cp, and chmod +x to establish a local binary directory and install executable scripts from the plugin package into the project environment.
  • [COMMAND_EXECUTION]: The agent is instructed to run flowctl init from the plugin's script directory to initialize the .flow/ directory structure and configuration files.
  • [DATA_EXFILTRATION]: The skill includes functionality to perform an authenticated network request via gh api -X PUT /user/starred/gmickel/flow-next to star a repository on GitHub. This action is performed only after explicit user consent is obtained through an interactive prompt.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it manages project documentation and task specifications that could contain instructions from untrusted sources.
    • Ingestion points: Reads existing CLAUDE.md and AGENTS.md files during the documentation update process.
    • Boundary markers: Employs <!-- BEGIN FLOW-NEXT --> and <!-- END FLOW-NEXT --> comment markers to delimit the injected content within documentation files.
    • Capability inventory: Includes file system modifications, execution of local scripts, and network access through the GitHub CLI.
    • Sanitization: No explicit validation or escaping of the ingested content is described before it is processed or written back to the project.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 10, 2026, 06:21 AM