flowhunt-skill
Warn
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation references an installation command
npx skills add heyneuron/flowhunt-skillthat retrieves and executes code from a third-party package registry. This package is not associated with a known trusted vendor or the skill author.- [PROMPT_INJECTION]: The skill instructs the AI to process untrusted data from external communication and task management tools, exposing it to potential indirect prompt injection attacks. - Ingestion points: Processes data from Gmail, Google Calendar, Slack, and various task trackers (e.g., Jira, Asana).
- Boundary markers: Absent; the instructions do not specify any delimiters or safety guidelines to help the agent distinguish between data and potentially malicious embedded instructions.
- Capability inventory: The agent performs extensive read operations on sensitive communication history to generate automation reports.
- Sanitization: Absent; no input validation or content filtering is implemented for the audited data sources.
Audit Metadata