swarm-advanced
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a global Node.js package 'claude-flow@alpha' from an external repository ('ruvnet') which is not on the trusted vendors or well-known services list, posing a potential supply chain risk.
- [COMMAND_EXECUTION]: The orchestration patterns include the execution of shell commands such as 'npx claude-flow', 'npm run test:unit', and others directly on the host system via various tool calls.
- [REMOTE_CODE_EXECUTION]: The tool 'mcp__claude-flow__parallel_execute' accepts arbitrary command strings, which could lead to unauthorized code execution if these strings are constructed from or influenced by untrusted external data.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface.
  1. Ingestion points: External findings from web searches and academic papers enter the context in the 'Research Swarm' pattern.
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded instructions are observed in the processing logic.
  3. Capability inventory: Includes 'parallel_execute' and 'workflow_execute' for arbitrary command execution.
  4. Sanitization: No sanitization of external input is demonstrated before the data is used to drive orchestration tasks.
Audit Metadata