swarm
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches version metadata and the official changelog from Anthropic's public GitHub repository to ensure runtime compatibility and feature availability.
- [COMMAND_EXECUTION]: To support its primary purpose of orchestration, the skill dynamically generates and executes management commands for various sub-agent backends including gc, Codex CLI, and Claude Native Teams.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting wave data from external JSON files (via the `--from-wave` flag).
  - Ingestion points: `scripts/ol-wave-loader.sh` parses and validates wave entries from local JSON files.
  - Boundary markers: Data from the JSON file (id, title, spec_path) is interpolated into task descriptions without explicit boundary delimiters.
  - Capability inventory: The skill utilizes powerful tools such as `Bash`, `Task`, `TeamCreate`, and `SendMessage` to execute its workflow.
  - Sanitization: Input validation is performed in `scripts/ol-wave-loader.sh` to prevent command injection via control characters (newlines/tabs) and uses `jq` for structured parsing.
Audit Metadata