Skills
skills/ruvnet/claude-flow/federation-status/Gen Agent Trust Hub

federation-status

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the @claude-flow/plugin-agent-federation package from the NPM registry using npx to execute federation utilities.
  • [COMMAND_EXECUTION]: Executes shell commands via npx to run ruflo-federation status and ruflo-federation peers for health and trust metric retrieval.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests and summarizes data from external command outputs and memory searches, creating a potential surface for indirect injection if peer data contains malicious instructions.
  • Ingestion points: Command output from ruflo-federation and results from mcp__claude-flow__memory_search in SKILL.md.
  • Boundary markers: No delimiters or ignore instructions are used to wrap the tool outputs.
  • Capability inventory: Includes shell command execution through the Bash tool (SKILL.md).
  • Sanitization: No sanitization or validation of the ingested external content is performed prior to summarization.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 01:23 PM
Security Audit — agent-trust-hub — federation-status