ai-agent
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation encourages the installation of the RivetKit framework and its associated software packages (e.g., agentOS components) from official NPM registries. It also provides links to reference implementations and example code hosted on the vendor's official GitHub organization.
- Evidence: References to rivetkit and @rivet-dev/* packages found in BASE_SKILL.md and throughout the reference files. Links to github.com/rivet-dev/rivet in SKILL.md.
- [COMMAND_EXECUTION]: The skill includes instructional commands for project setup, environment configuration, and deployment. This includes Docker build instructions, NPM package management, and the use of the Rivet CLI for managing cloud resources.
- Evidence: BASE_SKILL.md (Docker and NPM setup), reference/cli.md (Rivet deployment commands).
- [PROMPT_INJECTION]: The skill documents architectures for agents that ingest untrusted data from sources such as message queues and external webhooks, creating a surface for indirect prompt injection. However, the skill provides extensive documentation on mitigating these risks through security checklists and architectural best practices.
- Ingestion points: Untrusted data enters the agent context through user message queues (SKILL.md), webhook payloads (reference/agent-os/webhooks.md), and filesystem reads (reference/agent-os/filesystem.md).
- Boundary markers: While omitted in minimal code snippets, the documentation (reference/cookbook/ai-agent.md) explicitly recommends deriving sender identity server-side and implementing strict payload validation.
- Capability inventory: The agentOS runtime allows agents to execute shell commands (exec/spawn), manage files (writeFile), and perform proxied network requests (vmFetch), all within isolated VM environments (reference/agent-os/processes.md, reference/agent-os/filesystem.md, reference/agent-os/networking.md).
- Sanitization: Guidance is provided for implementing connection-level authentication and authorization hooks to filter and validate external content before it influences agent behavior.
Audit Metadata