flue-framework
Pass
Audited by Gen Agent Trust Hub on Jun 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a technical manual and framework guide. All code snippets provided are illustrative examples for developers to build their own agents using the Flue Framework.
- [EXTERNAL_DOWNLOADS]: The documentation references standard installations of the framework's own packages (
@flue/runtime,@flue/cli) and integrations with well-known third-party services such as Anthropic, OpenAI, DeepSeek, and various sandbox providers (Daytona, E2B, Modal). These are documented neutrally as legitimate ecosystem components. - [COMMAND_EXECUTION]: The skill documents the framework's native capabilities for shell command execution and file system access via sandboxes. It provides explicit security guidance, advising users to use isolated environments (like remote containers) when handling untrusted tasks.
- [PROMPT_INJECTION]: The skill contains instructional content for defining agent behavior. There are no attempts to override the primary agent's safety protocols or instructions. It encourages developers to use structured output validation (via Valibot) to maintain control over agent responses.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets or API keys are present. The documentation follows security best practices by instructing users to manage credentials via environment variables and
.envfiles, providing placeholders likesk-your-keyfor examples. - [DATA_EXFILTRATION]: No evidence of unauthorized data access or exfiltration. The skill describes how to implement session persistence and data management within the framework's architecture using standard database or file-based stores.
Audit Metadata