agent-v3-queen-coordinator

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill's pre_execution and post_execution hooks use npx agentic-flow@alpha. This downloads a package from the npm registry at runtime. Since agentic-flow is not a verified trusted source and the skill specifies the @alpha tag, the executed code is unverifiable and could change at any time.
  • COMMAND_EXECUTION (LOW): The skill executes various shell commands including jq, cat, and the GitHub CLI (gh). This is used for local data processing and environment checks.
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface (Category 8). The skill is designed for 'GitHub issue management,' which requires processing untrusted external data.
      • Ingestion points: Content from GitHub issues.
      • Boundary markers: No delimiters or 'ignore' instructions are used in the shell scripts to isolate external content.
      • Capability inventory: Subprocess execution via npx and gh, and temporary file writes.
      • Sanitization: There is no evidence of sanitization or validation of the data retrieved from GitHub before it is processed by the agent.
  • DATA_EXFILTRATION (LOW): The post_execution hook sends session metadata (task name, agent ID, and status) to the agentic-flow command. While this appears to be for telemetry or state management, it involves transferring internal agent context to an external package.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:12 PM