setting-up-relayfile

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION]: The skill includes commands and code snippets that access ~/.relayfile/credentials.json to retrieve authentication tokens. This data is used to authenticate requests to the service's official API at agentrelay.com and api.relayfile.dev. As these are vendor-owned resources and part of the tool's intended setup, this is considered a standard operational requirement.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from external integrations (Notion, Slack, Linear, GitHub) into the agent's context through a local mount.
  • Ingestion points: Third-party data is mirrored to the local directory ~/relayfile-mount (SKILL.md).
  • Boundary markers: No specific delimiters or 'ignore' instructions are provided to separate external content from the agent's primary instructions.
  • Capability inventory: The skill utilizes the relayfile CLI and SDK, which have the capability to perform file writes and network operations (SKILL.md).
  • Sanitization: The instructions do not specify any validation or sanitization steps for the external content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 06:13 PM
Security Audit — agent-trust-hub — setting-up-relayfile