agent-release-swarm
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes frequent use of 'npx ruv-swarm' within its lifecycle hooks (pre_task, post_edit, etc.) and command examples. This command fetches and executes the 'ruv-swarm' package from the npm registry. Since this package belongs to the skill's author ('ruvnet'), it is categorized as a standard vendor-provided functional component.
- [COMMAND_EXECUTION]: The skill utilizes the 'Bash' tool to execute a wide array of commands including the GitHub CLI ('gh'), Docker, and NPM. These commands are used to manage releases, create pull requests, build artifacts, and deploy code, which is consistent with the stated purpose of software orchestration.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its handling of external repository data.
  - Ingestion points: Data from the GitHub API, including commit messages ('COMMITS'), merged pull request details ('MERGED_PRS'), and contributor information, is retrieved using the 'gh' CLI.
  - Boundary markers: There are no delimiters or instructions provided to the agent to treat these variables as untrusted or to ignore embedded instructions within the commit or PR text.
  - Capability inventory: The skill possesses significant capabilities, including the ability to execute shell scripts, write files, perform network fetches, and use GitHub MCP tools to modify repository state (pushing files, merging PRs).
  - Sanitization: The skill lacks any visible mechanisms for sanitizing, validating, or escaping the content retrieved from GitHub before it is passed to the AI swarm agents for processing or changelog generation.
Audit Metadata