setting-up-relayfile
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION]: The skill includes commands and code snippets that access
~/.relayfile/credentials.jsonto retrieve authentication tokens. This data is used to authenticate requests to the service's official API atagentrelay.comandapi.relayfile.dev. As these are vendor-owned resources and part of the tool's intended setup, this is considered a standard operational requirement. - [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from external integrations (Notion, Slack, Linear, GitHub) into the agent's context through a local mount.
- Ingestion points: Third-party data is mirrored to the local directory
~/relayfile-mount(SKILL.md). - Boundary markers: No specific delimiters or 'ignore' instructions are provided to separate external content from the agent's primary instructions.
- Capability inventory: The skill utilizes the
relayfileCLI and SDK, which have the capability to perform file writes and network operations (SKILL.md). - Sanitization: The instructions do not specify any validation or sanitization steps for the external content before it is processed by the agent.
Audit Metadata