r-ops
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill includes a maintenance script
scripts/check-r-facts.pythat can optionally connect tohttps://crandb.r-pkg.org/(an R package database) to verify that recommended packages are still available. This is a legitimate utility for documentation currency and targets a well-known service. - [CREDENTIALS_UNSAFE]: The documentation explicitly promotes secure credential handling, advising users to use environment variables (
Sys.getenv()) or thekeyringpackage instead of hardcoding secrets. - [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration. Network operations described (APIs via
httr2, scraping viarvest) are standard data science tasks and use standard libraries. - [INDIRECT_PROMPT_INJECTION]: As a data analysis tool, the skill naturally involves processing external data (CSV, JSON, HTML). While this presents a theoretical surface for indirect injection, the skill is focused on standard analytical workflows and provides no specialized vectors for such attacks, utilizing standard R data processing idioms.
Audit Metadata