swarm-orchestration
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions to download and execute an installation script for the Kitty terminal from its official domain (sw.kovidgoyal.net), which is a well-known technology service.
- [COMMAND_EXECUTION]: The skill is designed to orchestrate background processes. Commands like /swarm-spawn and /swarm-send-text allow the orchestrator to create new Claude instances and send raw text to their terminal sessions. These capabilities are fundamental to the skill's purpose but involve significant system interaction.
- [PROMPT_INJECTION]: The skill handles communication between agents, which introduces a surface for indirect prompt injection if an agent is influenced by malicious input.
- Ingestion points: The skill reads data from agent-controlled files in the team's inbox directory via the /swarm-inbox and /swarm-join commands.
- Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the inter-agent messages.
- Capability inventory: The coordinating agent has extensive control over the environment, including the ability to spawn new processes and execute terminal commands.
- Sanitization: The skill does not implement documented sanitization or filtering for the content of messages received from other agents.
Audit Metadata