open-multi-agent-orchestration
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the '@jackchen_me/open-multi-agent' package from the npm registry. This dependency is not maintained by the skill author or a recognized trusted organization, which introduces a potential supply chain risk.
- [COMMAND_EXECUTION]: The framework includes a built-in 'bash' tool that allows agents to execute arbitrary shell commands. This capability significantly increases the impact of any potential compromise or malicious instruction execution.
- [PROMPT_INJECTION]: The orchestration framework is susceptible to indirect prompt injection due to its handling of external task descriptions and user prompts.
  - Ingestion points: Untrusted data enters the agent context through 'orchestrator.runAgent', 'orchestrator.runTeam', or 'orchestrator.runTasks' calls defined in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions are provided to the agents to distinguish between system orchestration commands and data-driven task content.
  - Capability inventory: Agents are granted high-privilege tool access, including 'bash' for shell execution and multiple file system tools ('file_write', 'file_edit', 'file_read').
  - Sanitization: The documentation does not specify any validation, escaping, or filtering of external content before it is processed by the agents or their tools.
Audit Metadata