managed-agent

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The managed_agent_create tool allows for the installation of arbitrary software packages from multiple registries including pip, npm, apt, cargo, gem, and go within the managed container environment.
  • [REMOTE_CODE_EXECUTION]: The skill enables remote code execution through the initScript parameter in the managed_agent_create tool, which runs code during the initialization of the cloud session.
  • [COMMAND_EXECUTION]: The skill provides access to the Bash tool and facilitates the execution of shell commands within the cloud-hosted agent environment via the managed_agent_prompt tool.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by processing external messages that drive an agent with significant system-level capabilities.
      ◦ Ingestion points: The message argument in the managed_agent_prompt tool (SKILL.md).
      ◦ Boundary markers: No specific delimiters or safety instructions are defined to separate user data from agent instructions.
      ◦ Capability inventory: managed_agent_create (package installation, initialization scripts) and the Bash tool (SKILL.md).
      ◦ Sanitization: No input validation or sanitization logic is specified in the skill configuration.
  • [NO_CODE]: The skill consists entirely of markdown instructions and tool declarations in SKILL.md and does not provide any external scripts or binary files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 12, 2026, 03:11 PM
Security Audit — agent-trust-hub — managed-agent