Swarm Orchestration
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes the agentic-flow package, which is downloaded and executed using npx. This is the intended behavior for the orchestration framework provided by the author.
- [COMMAND_EXECUTION]: Execution of npx commands like swarm-init and agent-spawn allows the skill to manage processes and agent roles on the local system.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
  - Ingestion points: User-provided task descriptions and goals are passed directly to the orchestration engine through the --task argument and the goal property.
  - Boundary markers: The examples do not include delimiters or instructions to treat the task content as untrusted data.
  - Capability inventory: The system can spawn specialized agents, such as a coder, which suggests the ability to perform significant actions based on the orchestrated task.
  - Sanitization: There is no evidence of input validation or sanitization to prevent malicious instructions from being executed by the swarm.