Skills
skills/ruvnet/ruflo/agent-quorum-manager/Gen Agent Trust Hub

agent-quorum-manager

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The pre hook in SKILL.md executes shell commands that interpolate the $TASK environment variable. This constitutes a command injection surface if the task description originates from an untrusted source and is not properly sanitized before being passed to the shell.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data.\n
  • Ingestion points: The $TASK environment variable used in lifecycle hooks and the context object passed to the calculateOptimalQuorum method.\n
  • Boundary markers: None identified; untrusted data is directly echoed in shell scripts or used in JavaScript logic without delimiters.\n
  • Capability inventory: The skill has the ability to execute shell commands, store data via mcpTools.memory_usage, and orchestrate tasks via mcpTools.task_orchestrate.\n
  • Sanitization: No validation or sanitization routines were found for the external inputs.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 04:32 PM