swarm-coordination
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill establishes a multi-agent communication channel through handoff files and issue comments, creating an attack surface for indirect prompt injection.
- Ingestion points: The agent reads and processes data from
.claude/hooks/.state/handoff.jsonand the output of variousbdcommands (e.g.,bd comment,bd ready). - Boundary markers: There are no defined delimiters or instructions to ignore embedded commands within the handoff messages or issue context.
- Capability inventory: The skill is granted access to the
BashandWritetools, which could be used to execute commands or modify the codebase based on instructions received from other agent instances. - Sanitization: The skill does not specify any validation, escaping, or filtering for the content ingested from the shared multi-agent state.
Audit Metadata