Skills
skills/ruvnet/claude-flow/monitor-stream/Gen Agent Trust Hub

monitor-stream

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and run the @claude-flow/cli package from the public npm registry at runtime.
  • [REMOTE_CODE_EXECUTION]: By invoking npx @claude-flow/cli@latest, the skill executes code downloaded from a remote repository. The use of the @latest tag means the code executed is not pinned to a specific version, allowing for the execution of unvetted updates.
  • [PROMPT_INJECTION]: The skill implements real-time monitoring of agent and task events, which presents an attack surface for indirect prompt injection.
  • Ingestion points: Real-time event stream (NDJSON) generated by the swarm watch --stream command.
  • Boundary markers: There are no markers or system instructions to distinguish untrusted event data from authoritative instructions.
  • Capability inventory: The skill has the ability to execute shell commands (via Bash restricted to npx) and interact with MCP swarm status tools.
  • Sanitization: The skill lacks any sanitization or validation logic for the content of the streamed events.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 01:22 PM
Security Audit — agent-trust-hub — monitor-stream