skills/l3wi/agents-workflow/swarm/Gen Agent Trust Hub

swarm

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it reads and acts upon instructions stored in local files such as implementation plans and task lists.
  • Ingestion points: The orchestrator reads data from docs/plans/{feature-name}.md and docs/tasks/{feature-name}-phase-*.md to configure worker agents.
  • Boundary markers: No explicit safety delimiters or "ignore instructions" warnings are described when passing task content to the agent_spawn tool.
  • Capability inventory: The orchestrator has the ability to execute shell commands (git, gh, bun) and spawn new agents with access to the local codebase.
  • Sanitization: Content from these local files is interpolated into agent parameters without explicit escaping or validation.
  • [COMMAND_EXECUTION]: The skill automates the execution of local project commands such as bun run lint, bun run test, and bun run build. While this is standard for development tools, it involves executing code within the local repository that may have been modified by worker agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 08:07 PM
Security Audit — agent-trust-hub — swarm