swarm-orchestration
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [External Downloads] (MEDIUM): The skill executes npx @claude-flow/cli, which downloads and runs code from an untrusted third-party source on the npm registry at runtime without version pinning.
- [Command Execution] (LOW): The shell scripts and markdown commands invoke a CLI tool capable of performing wide-reaching refactoring and file system modifications across multiple modules.
- [Indirect Prompt Injection] (LOW): The skill processes task strings in commands like orchestrate and route without adequate sanitization, creating an attack surface for indirect prompt injection.

Evidence Chain:
1. Ingestion points: --task arguments in SKILL.md
2. Boundary markers: Simple double quotes used in command templates
3. Capability inventory: Codebase-wide refactoring, file creation, and agent spawning via @claude-flow/cli
4. Sanitization: No sanitization or safety delimiters detected in shell scripts
Audit Metadata