V3 CLI Modernization

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The ModularCommandRegistry and WorkflowOrchestrator implement a system for dynamic command resolution and execution where commands and arguments are processed from string-based workflow definitions.
  • [DATA_EXFILTRATION]: Command execution metadata, including arguments and execution context, is recorded and transmitted to the vendor's telemetry services, specifically AgenticFlowHooksClient and AgentDBLearningClient.
  • [PROMPT_INJECTION]: The skill's generateWorkflowFromIntent method creates executable workflows from natural language input, establishing an indirect prompt injection surface. Evidence:
      1. Ingestion points: WorkflowOrchestrator.generateWorkflowFromIntent(intent).
      2. Boundary markers: None identified.
      3. Capability inventory: Ability to execute any command registered in the ModularCommandRegistry.
      4. Sanitization: No explicit validation of generated workflows is provided before execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 05:44 AM