cost-compact-context

Fail

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions define a step to execute a shell command: ( cd v3 && node ../plugins/ruflo-cost-tracker/scripts/compact.mjs "<QUERY>" ). The <QUERY> placeholder represents raw user input. By supplying a query containing shell metacharacters such as backticks, semicolons, or pipe symbols (e.g., "; cat /etc/passwd #"), an attacker can execute arbitrary commands on the host system.
  • [INDIRECT_PROMPT_INJECTION]:
      • Ingestion points: The skill accepts an untrusted <query> argument from the user/agent context (SKILL.md).
      • Boundary markers: No delimiters or instructions are used to distinguish the query content from the surrounding command execution logic.
      • Capability inventory: The skill uses the Bash tool to run local scripts and Node.js commands (SKILL.md).
      • Sanitization: There is no evidence of sanitization, escaping, or validation of the input before it is used in a shell context.
  • [DATA_EXFILTRATION]: While not the skill's primary function, the verified command injection vulnerability enables an attacker to read sensitive files (such as environment variables or local credentials) and exfiltrate them via network-enabled tools like curl or wget, which are typically available in shell environments.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 5, 2026, 04:24 AM