flow-discovery
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust analysis methodology using personas and structured checklists to evaluate software projects. All identified behaviors are consistent with its documented purpose of workflow discovery and system review.
- [PROMPT_INJECTION]: The skill uses behavioral directives, such as requiring the agent to find at least three issues and prohibiting positive-only feedback. These are technical constraints designed to ensure thoroughness in its 'adversarial review' mode and do not target the underlying platform's safety filters.
- [COMMAND_EXECUTION]: The tech stack detection logic scans for standard project configuration files (e.g., package.json, manage.py, pom.xml) to tailor its analysis. These operations are diagnostic and do not include the execution of arbitrary or dangerous shell commands.
- [DATA_EXFILTRATION]: The internet research functionality leverages well-known tools (Firecrawl and Graph Brain) to gather industry benchmarks and compliance data. The data processed is public and relevant to the user's request, with no patterns suggesting unauthorized credential access or sensitive data harvesting.
Audit Metadata