multi-agent-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because the agent is instructed to read and rely on status files generated by other potentially less-trusted agents.
  - Ingestion points: Reads `progress-{agent}.md` files as part of Step 3 in `SKILL.md`.
  - Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent ignores instructions embedded within these files.
  - Capability inventory: The agent has the ability to spawn other agents with arbitrary task descriptions using the `oh-my-ag` CLI and local scripts like `spawn-agent.sh`.
  - Sanitization: No sanitization or validation of the content within the progress files is mentioned.
- [Command Execution] (SAFE): The skill requires the use of CLI tools (`oh-my-ag`) and local scripts (`spawn-agent.sh`) for agent orchestration. These are standard operations for the described project workflow and do not involve privilege escalation or unauthorized access within the context provided.
Audit Metadata