when-chaining-agent-pipelines-use-stream-chain

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation and scripts utilize npx to download and execute the claude-flow@alpha package. This is the primary method for using the vendor's orchestration tool and involves remote code execution at runtime.
  • [COMMAND_EXECUTION]: The skill performs shell command execution to manage the lifecycle of agents and the execution of the data pipeline. Specifically, it uses subcommands like agent spawn to create sub-processes and pipeline execute to run workflows.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface due to its design of chaining multiple agent stages together.
  • Ingestion points: Data enters the agent context through input files like initial-data.json and flows between stages via memory and streaming channels as described in SKILL.md.
  • Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the passed data mentioned in the workflow or scripts.
  • Capability inventory: The pipeline orchestration involves capabilities such as spawning new agent processes (agent spawn) and executing multi-stage logic (pipeline execute) across SKILL.md and PROCESS.md.
  • Sanitization: No evidence of data sanitization, escaping, or schema validation was found to prevent adversarial content in one agent's output from influencing the behavior of downstream agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 03:22 AM
Security Audit — agent-trust-hub — when-chaining-agent-pipelines-use-stream-chain