swarm-developer-guide
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple shell commands to manage the development lifecycle.
  - Evidence: Commands include 'python3' for status updates, 'make build' and 'make test' for validation, and 'git'/'gh' for version control and pull request management.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and follows instructions from external files that may be user-controlled.
  - Ingestion points: The agent is directed to read and implement instructions from a '' and 'CLAUDE.md'.
  - Boundary markers: The instructions specify using 'PHASE' comment markers (e.g., '') to isolate content, which provides some structure but does not prevent malicious instruction following.
  - Capability inventory: The agent possesses significant system capabilities, including arbitrary command execution via 'make' and network-enabled repository operations via 'git' and 'gh'.
  - Sanitization: There is no evidence of sanitization or safety-filtering for the content ingested from the plan files or project documentation.
Audit Metadata