Skills
skills/millionco/react-doctor/rule-validate/Gen Agent Trust Hub

rule-validate

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted text from PR comments and evaluation results which could contain malicious instructions designed to influence agent behavior.
  • Ingestion points: Review comments (in the 'Review Comment Triage' section) and RDE eval results (in the 'RDE Rule Validation' section).
  • Boundary markers: None identified.
  • Capability inventory: Shell command execution via bunx and nr (npm-run).
  • Sanitization: No validation or sanitization is specified for external input.
  • [COMMAND_EXECUTION]: The skill executes shell commands such as bunx @rayhanadev/truffler and nr changeset. The truffler command interpolates a helper name directly into the command string, which could lead to command injection if the helper name is derived from untrusted code without sanitization.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes bunx to download and run the @rayhanadev/truffler package from the npm registry if it is not already available locally.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 06:43 AM
Security Audit — agent-trust-hub — rule-validate