reflex-scripting

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill grants the agent the ability to execute a wide range of shell-level commands through the reflex utility.
      • Evidence: The instructions explicitly guide the agent to use commands like reflex xlsx, reflex rest, and reflex csv to perform direct library operations.
  • [REMOTE_CODE_EXECUTION]: The skill allows for the execution of arbitrary code strings generated or provided at runtime via script interpreters.
      • Evidence: The skill defines the reflex lua exec and reflex python exec commands specifically for running complex, dynamically generated logic.
  • [DATA_EXFILTRATION]: The skill provides both file system access and network capabilities, creating a direct path for data exfiltration.
      • Evidence: The agent can use libraries like Xlsx or Csv to read local data and the Rest library to send that data to external URLs via HTTP requests.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and process data from untrusted external sources.
      • Ingestion points: Data enters the agent's context through file reads (reflex xlsx open, reflex csv) and API responses (reflex rest get).
      • Boundary markers: The skill does not provide instructions for using delimiters or markers to differentiate between trusted instructions and untrusted data content.
      • Capability inventory: The skill provides arbitrary script execution (lua exec, python exec), file system modification (Fl.write), and network requests (rest).
      • Sanitization: There are no requirements or mechanisms described for sanitizing or validating data retrieved from external files or APIs before processing it.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 10, 2026, 12:12 PM