skills/dnyoussef/ai-chrome-extension/when-orchestrating-swarm-use-swarm-orchestration/Gen Agent Trust Hub
when-orchestrating-swarm-use-swarm-orchestration
Warn
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill frequently executes commands using
npx claude-flow@alpha. This method downloads and runs code from the npm registry at runtime, which can lead to the execution of malicious code if the third-party package is compromised or created by an untrusted author. - [EXTERNAL_DOWNLOADS]: The skill's primary functionality relies on fetching the
claude-flowpackage and its dependencies from external npm registries during the orchestration process. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its task decomposition and assignment features. Malicious instructions embedded in the user-supplied task descriptions could manipulate the agent's logic during decomposition.
- Ingestion points: The
--taskparameter inSKILL.mdandPROCESS.md(e.g.,npx claude-flow@alpha task decompose --task "..."). - Boundary markers: Absent; task descriptions are treated as trusted strings and interpolated directly into command arguments.
- Capability inventory: Extensive use of subprocess execution (npx), file system operations (archive creation, file writes), and memory storage across
SKILL.mdandPROCESS.mdscripts. - Sanitization: None; there is no validation or filtering of the input task content to prevent instructions from overriding intended behavior.
Audit Metadata