agentflow-plugins

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill consists of technical documentation and reference materials for the Agentflow ecosystem. It does not contain executable code, obfuscated content, or malicious instructions. It provides guidance on using the agentflow CLI tool for managing plugin-based workflows.
  • [SAFE]: The documentation addresses the attack surface of processing external data (Indirect Prompt Injection) by prescribing security mitigations for authors:
      ◦ Ingestion points: Plugin source repositories (Git/Local), workflow manifests, and output artifacts, as described in references/plugin-workflows.md.
      ◦ Boundary markers: Use of JSON schemas for configuration validation and stable JSON output formats for tool inter-communication.
      ◦ Capability inventory: The skill documents how to author shell scripts and Node.js tools that run within the supervised agentflow sandbox environment.
      ◦ Sanitization: Explicit instructions are provided to use agentflow auth for secrets and to avoid passing sensitive data such as tokens or passwords through standard, non-secret configuration fields.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 11:44 AM