Skills
skills/ruvnet/ruflo/security-scan/Gen Agent Trust Hub

security-scan

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx to fetch and run the @claude-flow/cli package from the public npm registry.
  • [COMMAND_EXECUTION]: Executes shell commands to perform security scans, check for known CVEs, and generate markdown reports.
  • [PROMPT_INJECTION]: The skill presents a potential surface for indirect prompt injection as it audits external codebase content.
  • Ingestion points: Reads codebase files via Read and Grep tools during the scanning process.
  • Boundary markers: None identified in the prompt instructions to delimit untrusted file content.
  • Capability inventory: The agent can execute shell commands through the Bash tool and update memory states.
  • Sanitization: No explicit sanitization or filtering of the audited code is performed before analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 10:49 PM