worker-integration
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions and examples utilize
npx agentic-flow, which fetches and executes code from the npm registry. This is documented as the primary method for interacting with the agentic-flow ecosystem and represents standard vendor functionality. - [COMMAND_EXECUTION]: The skill provides several command-line examples for managing workers and viewing metrics using the
agentic-flowCLI tool. - [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it processes external triggers (e.g.,
ultralearn,optimize) and topic names to dispatch tasks to other agents. - Ingestion points: Data enters the system via trigger types and topic names used in memory key patterns (e.g.,
{trigger}/{topic}/{phase}). - Boundary markers: There are no explicit instructions provided for the agent to use boundary markers or delimiters when handling these inputs.
- Capability inventory: The skill dispatches tasks to various specialized agents (researcher, coder, security-analyst) which may have file-system or network capabilities.
- Sanitization: No explicit sanitization or validation of the input triggers or topics is mentioned in the provided instructions.
Audit Metadata