skills/ruvnet/ruflo/agent-refinement/Gen Agent Trust Hub

agent-refinement

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes lifecycle hooks that execute npm test in the local environment. This is intended for the refinement process but allows the execution of arbitrary shell commands as defined in a project's package.json file.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it is designed to analyze and refine external, untrusted code.
      • Ingestion points: The agent processes user-provided source code and configuration files during the refinement phase.
      • Boundary markers: No delimiters or instructions are present to prevent the agent from being influenced by malicious commands or instructions embedded within the analyzed code.
      • Capability inventory: The skill has the capability to execute shell commands (npm test) and interact with the agent's memory store.
      • Sanitization: There is no evidence of sanitization or verification of the project's scripts before they are executed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 04:32 PM