user-flow

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust multi-agent architecture where distinct agents (Structure, Edge Case, Diagram, Wireframe, Validation, and Critic) process specific parts of the task. This modular design includes built-in verification steps, such as a Critic agent that serves as a final quality gate.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute scripts/generate_flow.py. This script is a local utility provided with the skill that converts structured JSON flow data into Mermaid diagram syntax. Analysis of the script confirms it uses only standard library modules and does not perform any unsafe operations or network calls.
  • [DATA_EXFILTRATION]: No patterns of data exfiltration were detected. The skill's file system access is scoped to reading project context and writing design artifacts to the .agents/ and product/ directories.
  • [PROMPT_INJECTION]: The instructions do not contain techniques to bypass safety filters or override core agent behaviors. The ingestion of user input ('brief') is handled through structured prompts with explicit output schemas and a dedicated validation layer that mitigates potential injection risks.
  • [SAFE]: The skill does not rely on external downloads or remote dependencies at runtime, significantly reducing the supply chain attack surface.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 06:10 PM