swarm
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill exhibits a significant surface for indirect prompt injection by accepting arbitrary task descriptions and routing them to a multi-agent execution pipeline.
- Ingestion points: The "task description" parameter in the /oh-my-claudecode:swarm command allows untrusted external input to enter the agent context.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined in the facade to separate task input from agent instructions.
- Capability inventory: Coordinated agents on a shared task list imply broad execution capabilities, including shell commands and file system operations.
- Sanitization: There is no evidence of sanitization or validation of the task description before it is passed to the downstream team of agents.
Recommendations
- AI detected serious security threats
Audit Metadata