agent-coordinator-swarm-init
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses npx in its pre and post hooks to download and execute the claude-flow@alpha package from the npm registry. This is an external dependency that is not part of the trusted vendors list.
- [COMMAND_EXECUTION]: The skill executes shell commands to perform memory operations, check for existing swarms, and log status updates during the swarm initialization process.
- [PROMPT_INJECTION]: The skill implements a shared memory coordination protocol that retrieves data from the coordination namespace using memory search. This creates an indirect prompt injection surface where malicious data stored in memory could influence agent behavior.
- Ingestion points: Data is ingested through npx claude-flow@alpha memory search in the coordination namespace.
- Boundary markers: No boundary markers or delimiters are defined to separate coordination data from agent instructions.
- Capability inventory: The skill possesses the ability to execute shell commands and modify shared agent memory.
- Sanitization: There is no evidence of sanitization or validation for the data retrieved from the coordination memory.
Audit Metadata