agent-multi-repo-swarm
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute system commands including git and the GitHub CLI (gh). These commands are used to clone repositories, create branches, commit changes, and manage pull requests as part of the orchestration workflow.
- [EXTERNAL_DOWNLOADS]: It invokes the ruv-swarm package using npx. This tool is a vendor-owned resource associated with the author ruvnet and is used for its intended purpose of managing swarm coordination.
- [PROMPT_INJECTION]: The skill processes data from external repositories, such as package.json contents and repository descriptions. While this creates a surface for indirect prompt injection, the skill uses structured data parsing (jq) and performs operations within the context of a controlled GitHub organization.
Audit Metadata