argent-create-flow

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill creates a system for recording MCP tool names and arguments into YAML files which are later executed by the flow-execute tool. This effectively allows for the creation and execution of custom scripts within the agent's environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the manipulation of flow files. Commands and arguments are read directly from .argent/flows/*.yaml files and executed without secondary validation or sanitization.
  • Ingestion points: Flow definitions stored as YAML files in the .argent/flows/ directory, processed by the flow-execute tool.
  • Boundary markers: The skill relies on the YAML structure but does not include explicit markers or instructions to the agent to ignore potentially malicious embedded content within the arguments of the recorded steps.
  • Capability inventory: The skill can orchestrate any MCP tool currently available to the agent, which may include sensitive capabilities like file system modification or network access depending on the environment.
  • Sanitization: There is no evidence of sanitization or safety checks performed on the contents of the flow files prior to execution, other than an optional manual acknowledgment of a 'prerequisite' string.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 10:26 PM