ddd-aggregate
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill executes the @claude-flow/cli package from npm via npx to manage pre-task and post-task lifecycle events. This package is consistent with the vendor-aligned tools used in the skill's configuration.
- [COMMAND_EXECUTION]: Shell commands are used for directory creation (mkdir) and executing lifecycle hooks. User input from $ARGUMENTS is interpolated directly into these shell commands and resulting file paths.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it ingests untrusted data via $ARGUMENTS and uses it to construct commands.
- Ingestion points: $ARGUMENTS in SKILL.md.
- Boundary markers: No delimiters or ignore instructions are used to wrap the interpolated user input.
- Capability inventory: File system modification (mkdir, Write, Edit) and remote package execution (npx).
- Sanitization: No technical sanitization or escaping of the user-provided kebab-case strings is implemented before command interpolation.
Audit Metadata