agent-v3-security-architect

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The post_execution hook triggers npx agentic-flow@alpha. This command downloads and executes code from the npm registry at runtime. The agentic-flow package is not from a trusted organization, posing a risk of remote code execution if the package is malicious or compromised.
  • COMMAND_EXECUTION (MEDIUM): The post_execution hook interpolates the $TASK environment variable directly into a shell command: --task "Security Architecture: $TASK". Without proper sanitization or escaping, an attacker who supplies a crafted task description containing shell metacharacters (e.g. ;, backtick, $(...)) could execute arbitrary commands on the host system.
  • INDIRECT PROMPT INJECTION (LOW): The skill possesses an ingestion surface where external data ($TASK) is used in a high-capability hook (shell execution). There are no boundary markers or sanitization logic present to prevent instructions embedded within the task data from influencing the shell environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:10 PM