stream-chain
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates multi-agent chaining where output from one step is used as context for the next. This architecture creates an inherent surface for indirect prompt injection (Category 8) if the data being processed contains adversarial instructions.
- Ingestion points: The
runandpipelinecommands sequentially process prompts and the outputs of previous agent steps as described in SKILL.md. - Boundary markers: The documentation mentions using simple textual headers like "Previous step output:" which may not be sufficient to prevent the agent from obeying instructions embedded within that data.
- Capability inventory: Orchestrates agents within the
claude-flowecosystem, which typically has tool-use capabilities including file system access and command execution. - Sanitization: No explicit data validation or instruction filtering is implemented between chain steps in the provided workflow documentation.
- [NO_CODE]: This skill consists entirely of markdown documentation and YAML frontmatter; no executable scripts, binaries, or source code files are provided.
Audit Metadata