agent-swarm
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): This skill exhibits a high vulnerability to Indirect Prompt Injection (Category 8) due to its orchestration capabilities.
- Ingestion points: Untrusted data enters the agent context through the
taskparameter in themcp__flow-nexus__task_orchestratetool call. - Boundary markers: The skill instructions provide no delimiters or 'ignore' directives to separate the system instructions from the content of the task being processed.
- Capability inventory: The skill possesses significant capabilities including spawning new agent processes via
mcp__flow-nexus__agent_spawn, modifying environment scale withmcp__flow-nexus__swarm_scale, and executing complex workflows throughmcp__flow-nexus__task_orchestrate. - Sanitization: There is a total absence of instructions regarding the validation or escaping of external content before it is interpolated into tool calls. A malicious task description could contain instructions that hijack the orchestrator or cause unauthorized resource consumption across the swarm.
Recommendations
- AI detected serious security threats
Audit Metadata