agent-repo-architect

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands via hooks (pre_task, post_edit, post_task, notification) using npx ruv-swarm. It also utilizes a Bash tool to perform GitHub CLI operations such as gh search repos.
  • [EXTERNAL_DOWNLOADS]: The skill's hooks rely on npx ruv-swarm, which may download the package from the NPM registry at runtime. As the package is owned by the skill author ('ruvnet'), this is considered standard vendor functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its architecture.
      • Ingestion points: Data enters the context through Read, LS, Glob, WebFetch, and mcp__github__search_repositories tools.
      • Boundary markers: The provided usage examples do not demonstrate explicit delimiters or 'ignore embedded instructions' warnings when processing fetched data.
      • Capability inventory: The skill possesses significant capabilities, including local file modification (Write, Edit), shell execution (Bash), and remote repository modification (mcp__github__push_files, mcp__github__create_or_update_file).
      • Sanitization: There is no evidence of sanitization or validation of the content retrieved from external repositories or web fetches before it is used to drive architectural recommendations or automated edits.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 1, 2026, 04:32 PM