intelligence-route

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx @claude-flow/cli@latest to execute commands. This fetches the package from the npm registry at runtime. Using the @latest tag is a security risk as it allows the execution of unversioned code that could be modified in the registry without notice.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to run CLI commands and records task outcomes through an MCP tool call. This execution environment gives the agent the ability to run arbitrary shell commands defined in the routing steps.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the <task-description> input.
      • Ingestion points: The task-description is accepted as an argument in SKILL.md and passed to several tools.
      • Boundary markers: There are no boundary markers or instructions to sanitize the input before it is interpolated into shell commands.
      • Capability inventory: The skill has access to the Bash tool and can execute remote code via npx.
      • Sanitization: No sanitization or validation of the task description is performed before it is passed to CLI arguments like --task "description" or --description "description", which could lead to command injection if the input contains shell metacharacters.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 13, 2026, 01:22 PM
Security Audit — agent-trust-hub — intelligence-route