skills/majiayu000/spellbook/flowguard/Gen Agent Trust Hub

flowguard

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes a bundled utility script, scripts/workflow_state_snapshot.sh, to collect read-only environment metadata (cwd, git branch, modified files). It also guides the agent to use standard language-specific build tools like cargo, npx, go, and pytest for verification of work, which is standard behavior for development-oriented agents.
  • [PROMPT_INJECTION]: The skill addresses the risk of indirect prompt injection by instructing the agent to treat ingested data from external sources (such as AGENTS.md files or prior summaries) as 'hints' rather than authoritative truth. It requires fresh evidence from the current session for all completion claims.
  • Ingestion points: Files like AGENTS.md, and repository state gathered via git status and git diff.
  • Boundary markers: Explicit operating contracts and resume checklists require comparing memory against 'local truth' before acting.
  • Capability inventory: File modification and execution of build/test commands within the agent's defined toolset.
  • Sanitization: Relies on human-in-the-loop checkpoints and explicit verification commands to validate state transitions.
  • [SAFE]: The skill follows security best practices by implementing an 'Automation Boundary' that requires explicit user confirmation for destructive actions, credential changes, or code deployments.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 11:40 AM
Security Audit — agent-trust-hub — flowguard