ai-agent-workspace

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides tools for agents to execute arbitrary shell commands within a virtualized workspace.
  • Evidence: exec and spawn methods described in SKILL.md and reference/agent-os/processes.md.
  • [EXTERNAL_DOWNLOADS]: Documentation recommends installing software packages from the author's npm organization.
  • Evidence: Recommendations for @rivet-dev/agent-os-common and @rivet-dev/agent-os-pi in SKILL.md.
  • [REMOTE_CODE_EXECUTION]: The skill teaches how to run coding agents that can download and execute code.
  • Evidence: createSession for the pi agent in reference/agent-os/sessions.md.
  • [DATA_EXFILTRATION]: Networking capabilities allow the agent to reach external services and expose internal ports via public URLs.
  • Evidence: vmFetch and createSignedPreviewUrl tools in reference/agent-os/networking.md.
  • [PROMPT_INJECTION]: Design patterns for processing untrusted data present a vulnerability surface for indirect injection.
  • Ingestion points: reference/agent-os/webhooks.md (Slack events).
  • Boundary markers: Absent in architectural examples.
  • Capability inventory: exec, spawn, writeFile, fetch across process management scripts.
  • Sanitization: Absent in example code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 08:46 AM