when-orchestrating-swarm-use-swarm-orchestration

Warn

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill frequently executes commands using npx claude-flow@alpha. This method downloads and runs code from the npm registry at runtime, which can lead to the execution of malicious code if the third-party package is compromised or created by an untrusted author.
  • [EXTERNAL_DOWNLOADS]: The skill's primary functionality relies on fetching the claude-flow package and its dependencies from external npm registries during the orchestration process.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its task decomposition and assignment features. Malicious instructions embedded in the user-supplied task descriptions could manipulate the agent's logic during decomposition.
  • Ingestion points: The --task parameter in SKILL.md and PROCESS.md (e.g., npx claude-flow@alpha task decompose --task "...").
  • Boundary markers: Absent; task descriptions are treated as trusted strings and interpolated directly into command arguments.
  • Capability inventory: Extensive use of subprocess execution (npx), file system operations (archive creation, file writes), and memory storage across SKILL.md and PROCESS.md scripts.
  • Sanitization: None; there is no validation or filtering of the input task content to prevent instructions from overriding intended behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 26, 2026, 03:22 AM
Security Audit — agent-trust-hub — when-orchestrating-swarm-use-swarm-orchestration