swarm-protocol
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Orchestrates development workflows by executing system commands.
- Evidence: Uses
git worktree addto create isolated environments andnpm runfor quality gates (SKILL.md). - [COMMAND_EXECUTION]: Integrates with Supabase for database operations.
- Evidence: Executes
supabase db push,supabase login, andsupabase link(references/supabase-deployment.md). - [EXTERNAL_DOWNLOADS]: References external network requests for system verification.
- Evidence: Includes a
curlcommand to a placeholder health check endpoint athttps://api.example.com/health(references/supabase-deployment.md). - [PROMPT_INJECTION]: Ingests potentially untrusted data from the local file system which represents an indirect prompt injection surface.
- Ingestion points: Reads plan files from
~/.claude/plans/for project initialization (SKILL.md). - Boundary markers: Absent; the skill does not specify delimiters or instructions to ignore embedded commands in plans.
- Capability inventory: High-privilege actions including
gitfile manipulation,supabasedatabase deployment, and subagent dispatch via theAgenttool. - Sanitization: Absent; no validation or escaping of plan content is described before processing.
Audit Metadata