skills/dnyoussef/ai-chrome-extension/when-chaining-agent-pipelines-use-stream-chain/Gen Agent Trust Hub
when-chaining-agent-pipelines-use-stream-chain
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation and scripts utilize
npxto download and execute theclaude-flow@alphapackage. This is the primary method for using the vendor's orchestration tool and involves remote code execution at runtime. - [COMMAND_EXECUTION]: The skill performs shell command execution to manage the lifecycle of agents and the execution of the data pipeline. Specifically, it uses subcommands like
agent spawnto create sub-processes andpipeline executeto run workflows. - [INDIRECT_PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface due to its design of chaining multiple agent stages together.
- Ingestion points: Data enters the agent context through input files like
initial-data.jsonand flows between stages via memory and streaming channels as described inSKILL.md. - Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the passed data mentioned in the workflow or scripts.
- Capability inventory: The pipeline orchestration involves capabilities such as spawning new agent processes (
agent spawn) and executing multi-stage logic (pipeline execute) acrossSKILL.mdandPROCESS.md. - Sanitization: No evidence of data sanitization, escaping, or schema validation was found to prevent adversarial content in one agent's output from influencing the behavior of downstream agents.
Audit Metadata