agent-specification

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's execution hooks interpolate a user-controlled variable directly into a shell-like command.
  • Evidence: The pre hook in SKILL.md executes memory_store "spec_start_$(date +%s)" "Task: $TASK".
  • Risk: If the platform substitutes the value of $TASK into the hook text before handing it to a shell, shell metacharacters in the task (for example a $(...) command substitution, which expands even inside double quotes) are parsed as code, so the variable can be used to inject arbitrary shell commands. Only if the platform exports TASK as an environment variable and lets the shell expand it inside the existing double quotes is the value passed as a single literal argument.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by ingesting untrusted data without boundary markers.
  • Ingestion points: The $TASK variable is interpolated into the pre hook in SKILL.md.
  • Boundary markers: No delimiters (e.g., XML tags or triple quotes) isolate the variable content from the surrounding instructions.
  • Capability inventory: The skill uses echo and memory_store operations which, while limited, run automatically whenever the skill is invoked.
  • Sanitization: No sanitization, escaping, or validation logic filters malicious instructions or shell metacharacters from the $TASK input.
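The interpolation risk described in the COMMAND_EXECUTION finding, and the validation gap named under Sanitization, as an added example that is not part of this audit or of the audited skill. It assumes memory_store is a command that takes a key and a value as two arguments and stubs it with a shell function; the hook text is the one quoted in the evidence line, and the payload is a constructed, harmless command substitution. The three run_hook_* functions and validate_task are illustrative names, not platform APIs.

```python
import os
import re
import shlex
import subprocess
from typing import Optional

# Stand-in for the platform's memory_store tool (assumption: a command that
# receives key and value as two arguments). It only echoes what it was given.
MEMORY_STORE_STUB = 'memory_store() { printf "stored %s => %s\\n" "$1" "$2"; }; '

# The hook text quoted in the audit's evidence line.
HOOK = 'memory_store "spec_start_$(date +%s)" "Task: $TASK"'


def _sh(cmd: str, env: Optional[dict] = None) -> str:
    """Run cmd through /bin/sh and return its stdout."""
    result = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True, env=env)
    return result.stdout


def run_hook_textual(task: str) -> str:
    """Vulnerable pattern: $TASK is replaced in the hook *text*, then a shell
    parses the result. Anything shell-significant in task becomes code."""
    cmd = MEMORY_STORE_STUB + HOOK.replace("$TASK", task)
    return _sh(cmd)


def run_hook_env(task: str) -> str:
    """Safe pattern: the value travels in the environment and the shell expands
    "$TASK" inside double quotes, which yields one literal argument. The
    intended $(date +%s) still runs; a $(...) inside the task does not."""
    cmd = MEMORY_STORE_STUB + HOOK
    return _sh(cmd, env=dict(os.environ, TASK=task))


def run_hook_quoted(task: str) -> str:
    """Hardened textual substitution: the whole double-quoted argument is
    replaced by a shlex-quoted (single-quoted) literal. Quoting only the task
    while keeping the surrounding double quotes would not help, because $(...)
    still expands inside double quotes."""
    cmd = MEMORY_STORE_STUB + HOOK.replace('"Task: $TASK"', shlex.quote("Task: " + task))
    return _sh(cmd)


# Allowlist validation for the ingestion point, the kind of check the audit's
# Sanitization finding says is missing. Assumption: tasks are short prose, so
# anything outside this character set is refused rather than escaped.
SAFE_TASK = re.compile(r"[A-Za-z0-9 ,.:_/-]{1,200}")


def validate_task(task: str) -> bool:
    """True only if task contains no shell metacharacters at all."""
    return SAFE_TASK.fullmatch(task) is not None


if __name__ == "__main__":
    payload = "$(echo INJECTED)"  # constructed, deliberately harmless
    for name, fn in (("textual", run_hook_textual), ("env", run_hook_env), ("quoted", run_hook_quoted)):
        print(f"{name:8s} {fn(payload).rstrip()}")
    print("validate_task(payload) =", validate_task(payload))
```

Only the textual variant turns the payload into a stored value of "Task: INJECTED"; the other two store the payload verbatim. The quoted variant matters when the platform cannot pass values through the environment and must rewrite the hook text: the replacement has to cover the entire argument, double quotes included.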
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 04:33 PM