multi-agent-workforce-planner
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill defines a 'Bash' agent role specialized in executing shell commands, including 'npm install', 'git' operations, and 'build/test' scripts as described in 'references/agent-type-catalog.md'. While this is an intended capability for the multi-agent framework, it represents a powerful execution surface that should be limited to isolated development environments.
- [PROMPT_INJECTION]: The planning process (SKILL.md) involves decomposing 'Feature Specs' and 'Requirements' into tasks. This architecture creates a surface for indirect prompt injection, where an attacker-controlled requirement document could attempt to influence the 'Plan' agent to generate malicious tasks for the 'Bash' or 'Edit' agents.
  - Ingestion points: Feature specifications and product requirements entering the planning flow in 'SKILL.md'.
  - Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are present in the provided workstream templates.
  - Capability inventory: The framework explicitly facilitates shell command execution (Bash agent) and file write operations (Edit agent) across the workflow.
  - Sanitization: There is no evidence of input validation or sanitization logic for processed requirements within the skill's planning templates.