Skills
skills/ruvnet/claude-flow/agent-goal-planner/Gen Agent Trust Hub

agent-goal-planner

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes external task strings which creates a surface for indirect prompt injection.\n
  • Ingestion points: The task parameter in the mcp__claude-flow__task_orchestrate tool call within SKILL.md.\n
  • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands for the external task data.\n
  • Capability inventory: Task orchestration via mcp__claude-flow__task_orchestrate, agent swarm management via mcp__claude-flow__swarm_init, and data persistence via mcp__claude-flow__memory_usage (all defined in SKILL.md).\n
  • Sanitization: Absent; no escaping or validation of external input is described.\n- No Code (SAFE): No executable scripts (Python, JavaScript, Shell) or package dependencies were detected in the skill package, limiting the execution-based attack surface.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:12 PM