swarm-coordination
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs authoritative language and 'Iron Laws' (e.g., 'MANDATORY', 'ALWAYS', 'NEVER') to override standard agent decision-making and dictate specific operational constraints.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its results aggregation and task distribution patterns.
- Ingestion points: Untrusted data enters the context via sub-agent worker reports during the 'Results Aggregation' phase described in
SKILL.md. - Boundary markers: The skill encourages the use of structured Markdown headers and handoff templates, which act as weak boundaries.
- Capability inventory: The skill has access to
Bash,Write,Edit, andTaskspawning capabilities. - Sanitization: No explicit sanitization or validation logic is provided for worker reports before they are processed by the 'Queen' agent.
- [COMMAND_EXECUTION]: The 'Memory Protocol' in
SKILL.mdexplicitly instructs the agent to execute shell commands (cat .claude/context/memory/learnings.md) to read internal project state files, which could be exploited if file paths are manipulated.
Audit Metadata