agent-v3-security-architect
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The post_execution hook builds a shell command line that interpolates the $TASK variable directly into an npx invocation. Because the task description is text the skill receives from outside, anyone who can influence it can inject shell metacharacters (a semicolon, backticks, `$(...)`, or a dollar sign) and have the remainder parsed by the shell and executed as additional commands with the hook's privileges.
- [REMOTE_CODE_EXECUTION]: The skill uses npx to download and execute the agentic-flow@alpha package during the post_execution phase. `alpha` is an npm dist-tag rather than a pinned version, so each run resolves to whatever the registry currently labels alpha; fetching and executing unverified, unpinned code from a public registry at runtime is a significant security risk.
- [EXTERNAL_DOWNLOADS]: The npx call in the post_execution hook initiates a download of the agentic-flow package from the npm registry at run time, so the hook requires outbound network access and its behaviour depends on registry contents at the moment it runs.
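The following script is an added example and is not the skill's own hook or any code from the agentic-flow project. It reproduces the flagged pattern (task text spliced into an `npx` command line that the runner hands to `sh -c`) beside a hardened form, using a local stub in place of `npx` so that nothing is downloaded and the injection is observable offline. The function names `run_hook_unsafe`, `run_hook_safe`, `task_is_clean`, the stub, the marker file and the sample task string are all constructed for this demonstration; the manifest line quoted in the comments is an assumption about how such a hook is written, not the skill's actual text.

```shell
#!/bin/sh
# Added example (not the audited skill's code). A stub "npx" logs the argv it
# receives, and a marker file records whether injected shell code ran.

WORK=$(mktemp -d)
MARKER="$WORK/marker"          # created only if injected shell code executes
ARGLOG="$WORK/argv.log"        # argv the stub "npx" actually received

# Stub placed first on PATH: writes one argument per line, downloads nothing.
cat > "$WORK/npx" <<EOF
#!/bin/sh
printf '%s\n' "\$@" > "$ARGLOG"
EOF
chmod +x "$WORK/npx"
PATH="$WORK:$PATH"

# Constructed attacker-influenced task description. The ';' ends the intended
# npx invocation; the rest runs as a second command with the hook's privileges.
# Backticks or $(...) would be parsed the same way.
INJECTED_TASK="harden the login flow; touch $MARKER"

# Vulnerable shape. A manifest line such as (assumed, for illustration)
#   post_execution: npx agentic-flow@alpha --task $TASK
# ends up like this once the runner interpolates TASK and calls sh -c.
run_hook_unsafe() {
    cmd="npx agentic-flow@alpha --task $1"
    sh -c "$cmd"
}

# Hardened shape: the task reaches the program as a single argv element, so
# the shell never parses its contents. Quoting "$1" is the whole difference.
run_hook_safe() {
    npx agentic-flow@alpha --task "$1"
}

# Defence in depth for runners that only accept a command string: refuse task
# text containing shell metacharacters before it is ever interpolated.
# Conservative list; newline is included via $nl because a newline also
# terminates a command.
nl='
'
task_is_clean() {
    case "$1" in
        *[\;\`\$\|\&\<\>\(\)\"\'$nl]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Run the unsafe hook with the injected task; prints "injected" if the
# marker appeared, "clean" otherwise.
probe_unsafe() {
    rm -f "$MARKER"
    run_hook_unsafe "$INJECTED_TASK"
    if [ -e "$MARKER" ]; then echo injected; else echo clean; fi
}

# Same probe against the hardened hook.
probe_safe() {
    rm -f "$MARKER"
    run_hook_safe "$INJECTED_TASK"
    if [ -e "$MARKER" ]; then echo injected; else echo clean; fi
}

# Number of argv entries the stub saw on its most recent call.
stub_argc() { wc -l < "$ARGLOG" | tr -d ' '; }

echo "unsafe hook: $(probe_unsafe) (stub saw $(stub_argc) args)"
echo "safe hook:   $(probe_safe) (stub saw $(stub_argc) args)"
```

With the unsafe hook the stub receives the task broken into separate words and the `touch` after the semicolon runs; with the hardened hook the stub receives the entire task, semicolon included, as one argument and no marker is created. Quoting alone does not address the other two findings: the `@alpha` dist-tag should be replaced by an exact, lockfile-pinned version so the hook never resolves a moving target from the registry at run time.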
Audit Metadata