flows-install

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes package manager commands (such as npm i, pnpm add, yarn add, or bun add) to install the Flows SDK dependencies into the user's project.
  • [COMMAND_EXECUTION]: If TypeScript is detected, the skill runs tsc --noEmit to verify the generated code and ensure type safety within the project.
  • [EXTERNAL_DOWNLOADS]: The skill downloads and installs official packages from the @flows npm scope, which are required for the SDK functionality.
  • [PROMPT_INJECTION]: The skill reads local project files like package.json and directory structures to determine the correct framework and installation path. This creates a surface for indirect prompt injection if these files were maliciously crafted by an attacker, although the skill itself contains no malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 09:19 PM