skflow-transform
Audited by Socket on May 3, 2026
3 alerts found:
Anomaly, Security x2
The specification outlines a functional runtime that supports shell command execution with detailed I/O logging and interactive yields to an LLM or human. While not inherently malicious, it presents non-trivial security risks around command execution, data leakage via logs and persistent state, and control flow through external yields. To minimize risk for software supply chain use, implement strict sandboxing or whitelisting for sh(cmd) invocations, enforce least-privilege execution, redact sensitive data in logs, restrict access to state/log files, and validate all yield payloads and prompts before exposure to external models or humans.
This module functions as a high-impact shell-command workflow orchestrator. It directly executes shell command strings via execSh sourced from the provided step callback (result._sh.cmd) and from an externally supplied resume input (opts.answer) with no validation or confinement in this file. It also persistently logs and returns stdout/stderr/cmd/code and can propagate stack traces, creating both command-execution and information-disclosure risk if upstream inputs or the step implementation are not fully trusted.
SUSPICIOUS. The skill's purpose is coherent, but it materially depends on unverified skflow CLI/runtime packages and broad skflow Bash delegation. There is no clear evidence of credential theft or malicious exfiltration, yet the unresolved provenance and unpinned npx execution make the install and execution trust disproportionally risky.