rename-swarm
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it ingest untrusted data from local files and processes it using sub-agents.
- Ingestion points: Local files discovered via the Grep tool as described in Step 1 of SKILL.md.
- Boundary markers: The sub-agent prompt template includes a {boundary_constraints} variable for exclusions, but lacks formal delimiters to prevent the agent from following instructions embedded within the files being edited.
- Capability inventory: The skill uses the Task agent to launch sub-agents with the Edit tool for file modification. The main workflow uses Grep for file discovery and devrun for executing verification commands.
- Sanitization: No sanitization or validation of file content is performed before it is passed to the sub-agents for editing.
- [COMMAND_EXECUTION]: The workflow incorporates the execution of search tools and testing agents to verify changes.
- Evidence: Step 1 utilizes the Grep tool to identify target files. Step 5 uses the devrun agent to execute shell commands for running CI tests, type checking, and linting.
Audit Metadata