worker-integration
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill documentation instructs users to execute `npx agentic-flow`. This command downloads and runs code from the npm registry. Neither the package `agentic-flow` nor its author 'agentic-flow' are on the list of trusted organizations, posing a risk of executing unverified external code.
- [COMMAND_EXECUTION] (MEDIUM): The use of `npx` combined with parameters like `workers agents ultralearn` triggers command execution. Since the underlying package is from an untrusted source, these commands could perform unauthorized actions on the host system.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill utilizes a self-learning feedback loop and memory coordination across multiple agents.
  - Ingestion points: Performance metrics (quality scores, latency) and memory keys (`{trigger}/{topic}/{phase}`) in `SKILL.md`.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded content were found in the provided documentation.
  - Capability inventory: The skill dispatches tasks to various specialized agents (researcher, coder, security-analyst) based on ingested performance data.
  - Sanitization: No evidence of sanitization or validation of the ingested feedback or memory content before it influences agent selection logic was found.
Audit Metadata