Skills
skills/ruvnet/ruflo/agent-performance-optimizer/Gen Agent Trust Hub

agent-performance-optimizer

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the mcp__flow-nexus__sandbox_execute tool to run Python code for system monitoring and resource optimization logic.
  • [EXTERNAL_DOWNLOADS]: The skill requests the installation of several standard Python packages, including numpy, scipy, psutil, and prometheus_client, during the setup of its sandbox execution environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. 1. Ingestion points: Untrusted data enters via performanceData and systemTopology parameters in SKILL.md. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are present. 3. Capability inventory: The skill can execute arbitrary code via mcp__flow-nexus__sandbox_execute and train models via mcp__flow-nexus__neural_train. 4. Sanitization: No input validation or escaping is performed on the ingested data before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 04:32 PM