skills/0xdarkmatter/claude-mods/r-ops/Gen Agent Trust Hub

r-ops

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill includes a maintenance script scripts/check-r-facts.py that can optionally connect to https://crandb.r-pkg.org/ (an R package database) to verify that recommended packages are still available. This is a legitimate utility for documentation currency and targets a well-known service.
  • [CREDENTIALS_UNSAFE]: The documentation explicitly promotes secure credential handling, advising users to use environment variables (Sys.getenv()) or the keyring package instead of hardcoding secrets.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration. Network operations described (APIs via httr2, scraping via rvest) are standard data science tasks and use standard libraries.
  • [INDIRECT_PROMPT_INJECTION]: As a data analysis tool, the skill naturally involves processing external data (CSV, JSON, HTML). While this presents a theoretical surface for indirect injection, the skill is focused on standard analytical workflows and provides no specialized vectors for such attacks, utilizing standard R data processing idioms.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 06:11 PM
Security Audit — agent-trust-hub — r-ops