flow-next
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled script named flowctl from the plugin's scripts directory. This is the intended method for managing tasks and epics within the .flow/ directory.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Operations are restricted to the local filesystem, specifically the project's .flow/ directory and /tmp/ for temporary task data. No network communication or unauthorized access to sensitive files was observed.
- [REMOTE_CODE_EXECUTION]: No remote code execution or external download patterns were identified. The skill relies on locally provided scripts.
Audit Metadata