rule-research

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends using bunx @rayhanadev/truffler to perform code searches, which involves downloading a package from the NPM registry.
  • [REMOTE_CODE_EXECUTION]: Recommends the execution of a third-party tool (@rayhanadev/truffler) via bunx, allowing for the execution of remote code on the local environment.
  • [PROMPT_INJECTION]: The skill defines a research workflow that ingests content from external sources (documentation, OSS examples) without sanitization or boundary markers, posing a risk of indirect prompt injection.
      • Ingestion points: External code repositories and documentation links.
      • Boundary markers: None identified in the prompt templates.
      • Capability inventory: Execution of external packages via bunx.
      • Sanitization: No filtering or validation logic is specified for the processed content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 13, 2026, 05:30 AM