swarm-teammate
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions create an indirect prompt injection surface by directing the agent to monitor and act on messages from an external inbox.
- Ingestion points: Untrusted data enters the context through the
/claude-swarm:swarm-inboxcommand as specified inSKILL.md. - Boundary markers: The skill lacks instructions for using delimiters or warnings to prevent the agent from executing instructions embedded within coordination messages.
- Capability inventory: The agent is tasked with writing code, running tests, and updating task statuses, which involves terminal and file system access.
- Sanitization: No validation or filtering of incoming message content is defined in the workflow.
- [NO_CODE]: The provided skill contains only Markdown documentation and examples; it does not include any executable scripts, binaries, or configuration files that could pose a direct execution risk.
Audit Metadata