creating-workflows
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill relies heavily on `claude-flow@alpha`, a third-party package installed via `npm install -g` or executed via `npx`. This package is not from a trusted organization and its security posture is unverified.
- REMOTE_CODE_EXECUTION (MEDIUM): The extensive use of `npx claude-flow@alpha` within suggested workflow scripts results in the automatic download and execution of remote code from the npm registry whenever the workflow is run.
- COMMAND_EXECUTION (MEDIUM): The skill instructs users to copy a template script (`workflow-script-template.sh`), grant it execution permissions (`chmod +x`), and run it. These scripts utilize high-privilege capabilities such as multi-agent orchestration and file editing (agent booster edit).
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted data is read from `TASK.md` in the `run_phase1` function.
  - Boundary markers: No boundary markers or 'ignore' instructions are present when interpolating `$(cat TASK.md)` into the `npx` command.
  - Capability inventory: The skill includes agents with 'development' strategies capable of code changes, and tools for GitHub automation and file editing.
  - Sanitization: There is no evidence of input sanitization before passing the content of `TASK.md` to the agent swarm.
Audit Metadata