super-swarm-spark
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted markdown plan files to define subagent tasks.
  - Ingestion points: The orchestrator reads task subsections from user-provided plan files in Step 2.
  - Boundary markers: The 'Task Prompt Template' lacks explicit delimiters or instructions for subagents to ignore malicious commands embedded in the task content.
  - Capability inventory: The orchestrator and subagents can read, edit, and commit files, and execute test commands.
  - Sanitization: No input validation or sanitization of the markdown plan content is implemented.
- [COMMAND_EXECUTION]: The orchestrator is designed to execute arbitrary test commands during the integration phase.
  - Evidence: Step 6 specifies 'Add or adjust tests... Run required tests... Fix failures.'
  - Risk: This functionality could be leveraged to execute malicious code if test suites or plan files are compromised.