wasm-gallery

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUM

Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill retrieves agent configurations and metadata from a community gallery. Since the content is community-contributed and unverified, it presents a risk of downloading malicious configuration files.
  • [REMOTE_CODE_EXECUTION]: The mcp__claude-flow__wasm_agent_create tool is used to install and run WASM agents from the community gallery. This constitutes dynamic code execution from an untrusted external source, which could be malicious.
  • [COMMAND_EXECUTION]: The inclusion of the Bash tool in the allowed-tools list provides an expansive capability that could be abused if malicious instructions are ingested from a community agent configuration.
  • [PROMPT_INJECTION]: The skill lacks sanitization and boundary markers for data ingested from the community gallery, creating a surface for indirect prompt injection.
  • Ingestion points: Community gallery metadata and agent configurations (SKILL.md).
  • Boundary markers: None present; the agent is not instructed to treat gallery content as untrusted data.
  • Capability inventory: mcp__claude-flow__wasm_agent_create, Bash.
  • Sanitization: No validation or filtering is specified for the data retrieved from the gallery before use.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 13, 2026, 01:23 PM
Security Audit — agent-trust-hub — wasm-gallery