agent-swarm
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): Exposure of local system metadata and directory structure.
  - File: test_swarm.py
  - Evidence: The script hardcodes an absolute path C:\Users\Oliver\.claude\skills\agent-swarm which leaks the local username ('Oliver') and the installation environment of the AI agent.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface (Category 8).
  - File: test_swarm.py
  - Ingestion Points: User-controlled strings are passed to swarm.process_user_request(test_request).
  - Boundary Markers: None observed in the provided testing code; the input is interpolated directly into the agent's logic.
  - Capability Inventory: The SmartCache class in cache.py provides file-writing capabilities via json.dump, and the swarm logic implies the creation of sub-agents with varying roles.
  - Sanitization: No sanitization or validation of the test_request input is performed before processing.
- [COMMAND_EXECUTION] (SAFE): Dynamic modification of the search path.
  - File: test_swarm.py
  - Evidence: The use of sys.path.insert(0, skill_dir) is a common development pattern for local module resolution and is not considered malicious in this context.
Audit Metadata