minoan-swarm
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill's automated context discovery mechanism presents a vulnerability surface for indirect prompt injection from malicious content located in project documentation or external issue trackers.\n
- Ingestion points: The
scripts/discover_context.shscript scans and identifies project files such asCLAUDE.md,ROADMAP.md, andSPEC.md, and retrieves external issue data using theghCLI.\n - Boundary markers: The skill currently lacks explicit boundary markers or instructions in its prompt templates (e.g., in
references/team-templates.md) to prevent agents from executing instructions embedded in the discovered data.\n - Capability inventory: The skill utilizes the Agent Teams API to create and manage sub-agents with broad tool access and executes local shell commands via provided scripts for discovery and environment synchronization.\n
- Sanitization: No evidence of sanitization or validation of the content from the discovered artifacts was found before the data is used to generate agent tasks and teammate prompts.\n- [EXTERNAL_DOWNLOADS]: The skill recommends using well-known external services Firecrawl for web scraping and Exa for neural search within its teammate prompt templates. These references are documented neutrally and are consistent with the skill's purpose of research and information retrieval.
Audit Metadata