design-swarm
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection during its multi-agent orchestration flow.
  - Ingestion points: Untrusted data enters the agent context via the 'target' argument in SKILL.md, which accepts URLs, file paths, and text briefs.
  - Boundary markers: No explicit delimiters or 'ignore' instructions are used when interpolating this target data into the prompts constructed for the 10 sub-agents.
  - Capability inventory: The skill includes an 'Implement' phase in SKILL.md that grants a general-purpose agent the capability to perform filesystem writes to apply changes.
  - Sanitization: There is no evidence of sanitization, validation, or escaping of the ingested target content before it is processed by the agents.
- [COMMAND_EXECUTION]: The 'Implement' phase defined in SKILL.md allows the agent to modify the target codebase ('implement changes in priority order') based on synthesized reports that may be influenced by untrusted input, creating a path to automated filesystem modification.
Audit Metadata