Swarm Orchestration
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on `npx agentic-flow` to initialize swarms and orchestrate tasks. This command downloads and executes code from the npm registry. Since 'agentic-flow' is not a pre-approved trusted source, this represents an unverified third-party dependency.
- COMMAND_EXECUTION (MEDIUM): The documentation encourages the execution of multiple subprocesses via `npx` for agent spawning and task management. These commands operate with the permissions of the local environment.
- PROMPT_INJECTION (LOW): The skill exposes an attack surface for indirect prompt injection by accepting arbitrary strings for tasks and goals (e.g., `--task "Build REST API"`). These inputs are interpolated into the orchestration logic.
- Evidence Chain for Indirect Prompt Injection:
  - Ingestion points: `task-orchestrate --task`, `swarm.autoOrchestrate({ goal })`, and `swarm.memory.store`.
  - Boundary markers: Absent; there are no visible delimiters to separate instructions from data.
  - Capability inventory: Orchestrates multiple agents to perform complex tasks like building APIs or writing code.
  - Sanitization: None detected; user-provided goal and task strings are used directly.
Audit Metadata