dev-swarm-project-restore
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like `git submodule add`, `git submodule update`, `git checkout`, and `mv` to manage the project structure and restore source code as described in `references/external-restore.md` and `references/submodule-restore.md`.
- [PROMPT_INJECTION]: The skill performs indirect processing of untrusted data by scanning existing project files (e.g., `README`, `package.json`, `go.mod`) to reverse-engineer documentation in `references/reverse-engineering.md`. This creates an attack surface for indirect prompt injection if those files contain malicious instructions.
  - Ingestion points: `references/reverse-engineering.md` (Step 1) reads contents of `README*`, `package.json`, `pyproject.toml`, `Cargo.toml`, `go.mod`, and `Makefile` from the codebase.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified when the agent reads these external files.
  - Capability inventory: The agent has permissions to execute Git commands and move files across the filesystem, as defined in `SKILL.md` and related reference files.
  - Sanitization: No sanitization or validation of the file contents is performed before the agent summarizes the information or generates new documentation files.
- [EXTERNAL_DOWNLOADS]: The skill downloads external source code from remote repositories using Git submodule commands based on user-provided URLs in `references/external-restore.md`.
Audit Metadata