Skills
skills/ruvnet/claude-flow/observe-trace/Gen Agent Trust Hub

observe-trace

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation references a CLI alternative using npx @claude-flow/cli@latest, which downloads the utility from the npm registry at runtime.
  • [REMOTE_CODE_EXECUTION]: The provided CLI alternative utilizes npx to execute the @claude-flow/cli package directly from the remote registry.
  • [PROMPT_INJECTION]: The skill ingests and summarizes trace span data, creating a potential surface for indirect prompt injection.
  • Ingestion points: Trace span metadata retrieved via mcp__claude-flow__memory_search from the observability namespace in SKILL.md.
  • Boundary markers: No specific delimiters or boundary instructions are present to isolate the retrieved span metadata from the agent's synthesis logic.
  • Capability inventory: The skill has access to the Bash tool and various context synthesis tools.
  • Sanitization: No explicit validation or sanitization of the retrieved span content is performed before it is summarized and reported.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 01:23 PM
Security Audit — agent-trust-hub — observe-trace