flowguard
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a bundled utility script,
scripts/workflow_state_snapshot.sh, to collect read-only environment metadata (cwd, git branch, modified files). It also guides the agent to use standard language-specific build tools likecargo,npx,go, andpytestfor verification of work, which is standard behavior for development-oriented agents. - [PROMPT_INJECTION]: The skill addresses the risk of indirect prompt injection by instructing the agent to treat ingested data from external sources (such as
AGENTS.mdfiles or prior summaries) as 'hints' rather than authoritative truth. It requires fresh evidence from the current session for all completion claims. - Ingestion points: Files like
AGENTS.md, and repository state gathered viagit statusandgit diff. - Boundary markers: Explicit operating contracts and resume checklists require comparing memory against 'local truth' before acting.
- Capability inventory: File modification and execution of build/test commands within the agent's defined toolset.
- Sanitization: Relies on human-in-the-loop checkpoints and explicit verification commands to validate state transitions.
- [SAFE]: The skill follows security best practices by implementing an 'Automation Boundary' that requires explicit user confirmation for destructive actions, credential changes, or code deployments.
Audit Metadata