swarm-expert
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to handle and act upon data provided by other agents, which creates a significant surface for indirect prompt injection.
- Ingestion points: The agent ingests untrusted data through tools such as
read-messages,get-tasks,get-task-details, andpoll-taskas described inMCP-REFERENCE.md. - Boundary markers: The skill documentation does not provide instructions for using delimiters or boundary markers to distinguish agent-provided data from system-level instructions.
- Capability inventory: The skill possesses capabilities to create and assign tasks (
send-task,task-action), communicate in channels (post-message), and register services (register-service). - Sanitization: There are no documented procedures for sanitizing or validating the content of messages or task descriptions before they are processed.
- [No Code] (SAFE): The provided files consist solely of markdown documentation and reference information; no scripts, binaries, or automated installation processes are included in the skill.
Audit Metadata