agent-arch-system-design

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill defines local shell commands in its pre_execution and post_execution hooks (find, grep, head). While the specified commands are common utility tools, using hooks to execute arbitrary shell code contradicts the skill's own restricted_tools configuration, which blocks the Bash tool; the hooks therefore bypass the intended security constraints.
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted external data and possesses write capabilities.
    • Ingestion points: The skill uses the Read tool to ingest content from *.md files and uses WebSearch to retrieve information from the internet (SKILL.md, capabilities section).
    • Boundary markers: No delimited boundaries or instructions are provided to the agent to ignore or isolate embedded instructions within the ingested markdown files.
    • Capability inventory: The agent has the Write tool enabled for the docs/ and diagrams/ directories, allowing it to modify project documentation based on potentially malicious instructions found in processed files.
    • Sanitization: No sanitization or validation logic is defined to filter malicious payloads from ingested data before they influence the agent's output or documentation writes.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 03:08 AM