Skills
skills/ruvnet/ruflo/observe-trace/Gen Agent Trust Hub

observe-trace

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the use of @claude-flow/cli via npx. This pattern downloads and executes the utility from the npm registry to perform memory searches, which is an expected dependency for the associated ecosystem.
  • [COMMAND_EXECUTION]: The skill requires the Bash tool and provides a shell command for retrieving trace spans. This is consistent with its intended use for developer operations and debugging.
  • [PROMPT_INJECTION]: The skill processes external data in the form of trace spans, which constitutes an indirect prompt injection surface.
  • Ingestion points: Data enters the context through the mcp__claude-flow__memory_search and mcp__claude-flow__memory_list tools in SKILL.md.
  • Boundary markers: No specific delimiters are defined to isolate the ingested span metadata from the instructions.
  • Capability inventory: The agent has access to the Bash shell and various agentdb tools as defined in the frontmatter.
  • Sanitization: The skill does not explicitly sanitize the ingested span data before it is synthesized into a narrative summary.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 03:17 PM