hive-mind-advanced
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'claude-flow' CLI via npx to perform operations such as system initialization, worker swarm spawning, and session management. These are standard tool-based operations associated with the vendor 'ruvnet'.
- [EXTERNAL_DOWNLOADS]: Dependency management is handled through npx, which fetches and executes the 'claude-flow' package from the npm registry. This resource is identified as a verified vendor-owned asset.
- [PROMPT_INJECTION]: The skill features a surface for indirect prompt injection as it ingests arbitrary objective strings to direct worker agents.
- Ingestion points: Task objectives passed to the 'spawn' command.
- Boundary markers: No explicit delimiters or 'ignore' instructions are provided for processed objectives.
- Capability inventory: Subprocess execution via npx and persistent storage in a local SQLite database.
- Sanitization: The instructions do not define sanitization or validation logic for the input objective strings.
Audit Metadata