Multi-Agent Architect
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- Indirect Prompt Injection (SAFE): The manifest.yaml defines an ingestion surface for untrusted data via 'objectives' and 'tasks' fields. However, as the skill contains no executable logic or prompt templates to process these inputs, the vulnerability surface is non-functional in this context.
- Automated Scan Alert (SAFE): The alert for 'logger.info' is dismissed as a false positive. The string does not appear in the provided files, and the detection likely stems from the scanner misinterpreting the dot-notation logging paths ('multi_agent.architecture.decisions') or standard library logging patterns.
- Dependency Verification (SAFE): The manifest includes precondition checks for 'crewai' and 'langgraph'. These are well-established libraries in the AI orchestration ecosystem, and the manifest only checks for their presence rather than executing arbitrary installation scripts.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata