vector-cluster
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill performs code clustering using the ruvector package, which is a tool associated with the vendor.
- [EXTERNAL_DOWNLOADS]: Fetches the ruvector@0.2.25 package from the NPM registry using npm and npx.
- [COMMAND_EXECUTION]: Runs graph-based clustering via Bash commands on specified files.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing local files. 1. Ingestion points: File paths passed to npx ruvector in SKILL.md. 2. Boundary markers: None. 3. Capability inventory: Bash, Read, and memory tools. 4. Sanitization: None. This surface is inherent to the skill's purpose.
Audit Metadata