Skills
skills/ruvnet/claude-flow/cost-track/Gen Agent Trust Hub

cost-track

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs a local script using Node.js (node plugins/ruflo-cost-tracker/scripts/track.mjs). This script is part of the vendor's package and is used for its primary function.
  • [PROMPT_INJECTION]: The skill processes session log files which contain untrusted content from previous interactions.
  • Ingestion points: Reads session files from ~/.claude/projects/<encoded-cwd>/<session>.jsonl.
  • Boundary markers: The instructions do not specify the use of delimiters for the processed log content.
  • Capability inventory: The skill uses Bash to execute the tracking script and mcp__claude-flow__memory_store to persist results.
  • Sanitization: Relies on standard JSON parsing within the local tracking script to process structured JSONL data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 01:23 PM
Security Audit — agent-trust-hub — cost-track