sparc-methodology
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill uses 'npx @claude-flow/cli' across multiple commands. This downloads and executes code from the npm registry, published under an organization that is not on the trusted sources list.
- COMMAND_EXECUTION (LOW): The scripts 'sparc-init.sh' and 'sparc-review.sh' accept command-line arguments that are used directly in shell commands like 'mkdir', 'touch', and 'ls'. While these scripts have a limited scope, the lack of input sanitization could allow for basic directory traversal or manipulation if malicious paths are provided.
- PROMPT_INJECTION (LOW): The skill provides an indirect prompt injection surface by interpolating user-provided task descriptions (e.g., [requirements], [feature]) directly into CLI commands. A malicious input could attempt to confuse the underlying agent or the CLI tool, although no explicit jailbreak patterns were detected in the static instructions.