flow-nexus-platform

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The mcp__flow-nexus__sandbox_execute tool enables the execution of arbitrary JavaScript and Python code within a sandbox environment, providing a high degree of control over the execution context.
  • [REMOTE_CODE_EXECUTION]: Tools such as mcp__flow-nexus__sandbox_create and mcp__flow-nexus__sandbox_configure allow for the execution of shell commands and scripts via startup_script and run_commands parameters.
  • [EXTERNAL_DOWNLOADS]: The platform supports dynamic installation of external software packages from registries like npm and PyPI through the install_packages parameter in sandbox management tools.
  • [CREDENTIALS_UNSAFE]: Several management functions, including user login, sandbox creation, and template deployment, accept sensitive information such as passwords, API keys, and database connection strings as plain-text parameters.
  • [DATA_EXFILTRATION]: Sandboxed environments possess network capabilities, allowing the execution of code that can send data to external URLs, as shown in the provided code execution examples.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 05:44 AM