agent-swarm

[Skill Scanner] Destructive bash command detected (rm -rf, chmod 777) This skill's documentation and design are functionally coherent with its stated purpose (multi‑agent orchestration for analysis and optional execution). There is no evidence of embedded malware or obfuscated backdoors in the supplied document. However, the execution capabilities (writing files, running Bash, running tests) combined with unspecified external model/telemetry endpoints and cached persisted results create a meaningful supply‑chain/data‑exfiltration risk if the runtime environment grants broad filesystem and network privileges. Recommend treating this skill as sensitive: require explicit runtime consent, least privilege for WorkerAgents (read vs write), clear, auditable model endpoints and credential handling, explicit opt‑in for caching/telemetry, and safe default of dry‑run/no writes for code review mode. Overall classification: suspicious due to high privilege execution footprint and underspecified external data flows; not clearly malicious in itself. LLM verification: This SKILL.md describes a powerful orchestrator that legitimately needs to read repo files and spawn agents, but it also gives Agents the ability to execute Bash and modify files without describing sandboxing, permission checks, or trusted endpoints. The included static scanner finding referencing destructive shell commands increases concern. I classify this skill as SUSPICIOUS: it has plausible legitimate use, but the broad execution privileges (Bash, file edits), opaque model endpoints, and an