agent-sona-learning-optimizer
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses `npx claude-flow@alpha` to download and execute code from the NPM registry during task lifecycle hooks.
- [COMMAND_EXECUTION]: Shell commands are executed via `npx` to initialize trajectories and record outcomes using the `claude-flow` package.
- [REMOTE_CODE_EXECUTION]: The pattern `npx claude-flow@alpha` involves fetching a remote package and executing it in the local environment, which is a form of remote code execution.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because the `$TASK` variable is interpolated directly into a shell command (`npx claude-flow@alpha hooks pre-task --description "$TASK"`). Malicious content within the task description could be used to execute arbitrary shell commands.
- Ingestion points: User-provided `$TASK` description used in pre-task hooks.
- Boundary markers: None present to delimit user input from the command structure.
- Capability inventory: Subprocess execution via `npx` and package installation.
- Sanitization: No evidence of sanitization or escaping for the `$TASK` variable before shell interpolation.
Audit Metadata