stream-chain
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill describes pipelines that ingest data from untrusted sources such as CSV files, API responses, and Git history, which is then used as context for subsequent agent actions. This structure is vulnerable to indirect prompt injection if the ingested data contains instructions that the agent might obey.
  - Ingestion points: File `SKILL.md` mentions data extraction from APIs and files.
  - Boundary markers: No markers or delimiters are defined to separate untrusted data from system instructions.
  - Capability inventory: Agents can perform sensitive operations like refactoring code and generating tests.
  - Sanitization: No validation or cleaning of external data is specified.
- [COMMAND_EXECUTION]: The skill documentation details the use of the `claude-flow` CLI to execute sequences of commands that analyze, modify, and optimize codebase files.
- [NO_CODE]: The skill consists entirely of markdown documentation and metadata with no accompanying source code or executable binaries.
Audit Metadata