skills/dnyoussef/ai-chrome-extension/when-using-advanced-swarm-use-swarm-advanced/Gen Agent Trust Hub
when-using-advanced-swarm-use-swarm-advanced
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes
npxto dynamically fetch and execute theclaude-flow@alphatool from the npm registry, which is a well-known package service. - [COMMAND_EXECUTION]: The skill executes multiple bash commands to initialize agents, monitor performance in real-time, and run optimization analysis using the
claude-flowCLI. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by processing performance metrics and agent outputs.
- Ingestion points: Data enters the process via
agent metricsandperformance analyzecommand outputs (documented in SKILL.md and PROCESS.md). - Boundary markers: There are no explicit delimiters or instructions provided to ignore potential natural language commands embedded in the metrics data.
- Capability inventory: The skill has the ability to spawn new agent processes, modify network topologies, and execute background shell scripts (documented in SKILL.md and PROCESS.md).
- Sanitization: The workflow uses
jqto parse structured data but lacks explicit logic to sanitize the content against prompt injection before processing by the LLM.
Audit Metadata