rudder-import-and-evolve

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill guides the use of rudder-cli to interact with RudderStack workspaces, perform authentication, and synchronize local YAML configurations with the remote state. This is the primary function of the skill and is aligned with its stated purpose.
  • [PROMPT_INJECTION]: The workflow involves ingesting data from external RudderStack workspaces, which presents a surface for indirect prompt injection. The skill proactively addresses this by including built-in mitigations and best practices.
      ◦ Ingestion points: Data is imported from the workspace into local YAML files via the 'rudder-cli import workspace' command in SKILL.md.
      ◦ Boundary markers: The instructions include a dedicated 'Handling External Content' section that explicitly warns against trusting user-generated descriptions in imported content.
      ◦ Capability inventory: The skill utilizes the rudder-cli tool and has file system access (Read, Write, Edit) to manage local configurations and apply changes back to the workspace.
      ◦ Sanitization: Explicit instructions are provided to sanitize, review, and validate imported resources before they are committed to version control or applied to a production workspace.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 05:31 AM