agent-v3-queen-coordinator
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses the npx command to download and execute the agentic-flow package at runtime from the npm registry.
- [COMMAND_EXECUTION]: Pre-execution and post-execution hooks execute shell commands to manage agent state and GitHub CLI authentication.
- [COMMAND_EXECUTION]: The post-execution hook interpolates the $TASK variable directly into a shell command string. This allows for potential command injection if the task description contains shell-sensitive characters like backticks or semicolons.
Audit Metadata