cost-federation
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to run a local script (node plugins/ruflo-cost-tracker/scripts/federation.mjs) to aggregate federated spend events. This is a standard administrative task within the skill's defined scope.
- [PROMPT_INJECTION]: The skill processes data from a shared 'federation-spend' storage namespace, which could contain untrusted data from other peers in a federation, creating a surface for indirect prompt injection.
- Ingestion points: Data is read from the 'federation-spend' namespace as described in SKILL.md.
- Boundary markers: The instructions do not define specific delimiters to separate this external data from the agent's instructions.
- Capability inventory: The skill is granted access to the Bash tool to execute monitoring scripts.
- Sanitization: No explicit data sanitization or validation logic is detailed in the skill instructions.
Audit Metadata