Reasoning Tracer

Name: swing-skills/swing-trace
Author: TheStack-ai

View on GitHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

This skill allows arbitrary shell command execution and file

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

Reasoning Tracer: Anti-black-box engine that makes reasoning chains visible, auditable, and decomposable.

Actually does

The `swing-trace` skill instructs the AI to deconstruct its own reasoning into a structured, auditable format, including atomic claims, assumptions with criticality and verifiability ratings, decision forks, confidence decomposition, and identification of the weakest link. It operates in quick or full modes, generating detailed textual output. While its core function is internal reasoning decomposition, it is allowed to use tools like `Read`, `Grep`, `Glob`, `Bash`, and `Agent` to gather information that informs its reasoning process.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learning1 finding

Behavioural ControlAction4 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseer1 finding

Skill Info

NameTheStack-ai/swing-skills/swing-trace

Registrygithub

Versiona9f63b0c0987

PURLpkg:github/TheStack-ai/swing-skills@a9f63b0c0987?skill=swing-trace

Stars32

Source

Repository ↗SKILL.md ↗

SHA-25619a2cce85182...

SHA-147c0ccb29c46...

MD5dcb29647ba2d...

TLSH2772d6672e44...

ssdeep384:g5jYvYjD...

Size16,959 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

https://github.com/TheStack-ai/swing-skills/tree/main/skills/swing-trace

Claude CodeDocs

/plugin marketplace add TheStack-ai/swing-skills

/plugin install swing-trace@TheStack-ai/swing-skills

Skills.shDocs

npx skills add https://github.com/TheStack-ai/swing-skills --skill swing-trace

Assessments (3)

AI Agent Traps ↗

Shell command execution function detectedcriticalcommand execution

Shell command execution function detected

100% confidenceline 276

system (

Arbitrary Command Execution via Bashcriticalcommand execution

The skill is explicitly granted access to the `Bash` tool, enabling it to execute arbitrary shell commands on the host system. This capability poses a severe risk for system compromise, data manipulation, and resource abuse.

100% confidenceline 5

allowed-tools: Read, Grep, Glob, Bash, Agent

Sensitive Data Access and Exfiltrationhighdata exfiltration

The combination of `Read`, `Grep`, and `Glob` tools allows the agent to access, search, and enumerate files across the file system. This capability, especially when combined with `Bash`, can be leveraged for sensitive data exfiltration or system reconnaissance.

100% confidenceline 5

allowed-tools: Read, Grep, Glob, Bash, Agent

Sub-Agent Spawning and Potential Cascading Attacksmediumsub agent spawning

Access to the `Agent` tool allows this skill to invoke or spawn other agents. This could be abused to delegate tasks with attacker-controlled prompts, potentially leading to cascading attacks or resource abuse across multiple agents.

100% confidenceline 5

allowed-tools: Read, Grep, Glob, Bash, Agent

Social Engineering of Human Overseerlowhuman social engineering

The skill's structured output, particularly the 'Weakest Link' and 'Alternative Conclusion' sections, is designed to guide human verification and build trust. This format could be exploited by a malicious input to subtly mislead a human overseer or misdirect their attention.

70% confidenceline 105

Weakest Link is MANDATORY. ... Alternative Conclusion: If [weakest assumption] is wrong, then: [Alternative conclusion...]

Cognitive State Poisoning via Trace Outputlowmemory poisoning

If the detailed reasoning traces generated by this skill are used as input for RAG systems or as few-shot examples, a malicious input could cause the skill to generate a trace containing false assumptions or manipulated conclusions, thereby poisoning the agent's knowledge base.

60% confidenceline 1

The entire skill content describes generating detailed reasoning traces with assumptions, conclusions, and alternatives.

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/TheStack-ai/swing-skills/swing-trace.svg)](https://mondoo.com/ai-agent-security/skills/github/TheStack-ai/swing-skills/swing-trace)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/TheStack-ai/swing-skills/swing-trace"><img src="https://mondoo.com/ai-agent-security/api/badge/github/TheStack-ai/swing-skills/swing-trace.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/TheStack-ai/swing-skills/swing-trace.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow