ray
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill provides bash command templates using curl and command substitution (uuidgen, hostname) for the agent to execute locally.
  * Evidence: `rules/ray-local-http.md` and various other rules contain curl examples that the agent is instructed to use.
- [DATA_EXFILTRATION] (LOW): The skill enables reading local files and transmitting their contents to a local service (localhost:23517).
  * Evidence: `rules/file-contents.md` provides a template using `cat` to read file data for transmission.
- [PROMPT_INJECTION] (LOW): Vulnerability surface for indirect prompt injection as it processes untrusted data for rich rendering in the debugger.
  * Ingestion point: `rules/file-contents.md` (file read) and user-supplied data.
  * Boundary markers: Absent.
  * Capability: File read and network send (via curl).
  * Sanitization: Basic HTML encoding is performed for display purposes, but no security-focused sanitization is present to prevent injection into the target application.
Audit Metadata