flue-framework

Pass

Audited by Gen Agent Trust Hub on Jun 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a technical manual and framework guide. All code snippets provided are illustrative examples for developers to build their own agents using the Flue Framework.
  • [EXTERNAL_DOWNLOADS]: The documentation references standard installations of the framework's own packages (@flue/runtime, @flue/cli) and integrations with well-known third-party services such as Anthropic, OpenAI, DeepSeek, and various sandbox providers (Daytona, E2B, Modal). These are documented neutrally as legitimate ecosystem components.
  • [COMMAND_EXECUTION]: The skill documents the framework's native capabilities for shell command execution and file system access via sandboxes. It provides explicit security guidance, advising users to use isolated environments (like remote containers) when handling untrusted tasks.
  • [PROMPT_INJECTION]: The skill contains instructional content for defining agent behavior. There are no attempts to override the primary agent's safety protocols or instructions. It encourages developers to use structured output validation (via Valibot) to maintain control over agent responses.
  • [CREDENTIALS_UNSAFE]: No hardcoded secrets or API keys are present. The documentation follows security best practices by instructing users to manage credentials via environment variables and .env files, providing placeholders like sk-your-key for examples.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data access or exfiltration. The skill describes how to implement session persistence and data management within the framework's architecture using standard database or file-based stores.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 4, 2026, 08:00 AM
Security Audit — agent-trust-hub — flue-framework