flowhunt-skill

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation references an installation command npx skills add heyneuron/flowhunt-skill that retrieves and executes code from a third-party package registry. This package is not associated with a known trusted vendor or the skill author.- [PROMPT_INJECTION]: The skill instructs the AI to process untrusted data from external communication and task management tools, exposing it to potential indirect prompt injection attacks.
  • Ingestion points: Processes data from Gmail, Google Calendar, Slack, and various task trackers (e.g., Jira, Asana).
  • Boundary markers: Absent; the instructions do not specify any delimiters or safety guidelines to help the agent distinguish between data and potentially malicious embedded instructions.
  • Capability inventory: The agent performs extensive read operations on sensitive communication history to generate automation reports.
  • Sanitization: Absent; no input validation or content filtering is implemented for the audited data sources.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 20, 2026, 12:16 PM
Security Audit — agent-trust-hub — flowhunt-skill