swarm-migrate

Warn

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill parses a YAML specification file and executes shell commands provided in the transform.command and verify.command fields across multiple git repositories. This provides a mechanism for arbitrary code execution within the local environment.
  • [DATA_EXFILTRATION]: By utilizing the Agent tool and the gh CLI to push branches and create Pull Requests, the skill could be leveraged to exfiltrate source code or credentials from multiple local repositories to an attacker-controlled GitHub repository if a malicious spec is used.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because its execution flow and command logic are determined by the contents of an external YAML file.
      • Ingestion points: The skill reads migration specifications from files matching the swarm-specs/*.yaml pattern.
      • Boundary markers: The skill does not implement boundary markers or instructions to ignore embedded commands within the ingested data.
      • Capability inventory: The skill has access to Bash for command execution, the Agent tool for task delegation, and the gh tool for network operations.
      • Sanitization: While Phase 1 validates the existence of paths and repos, it does not sanitize or restrict the actual shell commands executed during the transformation and verification phases.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 28, 2026, 10:05 AM