multi-agent-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill defines a coordination workflow using local environment tools. No malicious patterns, suspicious remote dependencies, or unauthorized file access attempts were identified during the analysis.
  • [COMMAND_EXECUTION]: The skill uses the oh-my-ag CLI and local shell scripts (such as spawn-agent.sh) to manage the lifecycle of subagents. This command execution is consistent with the skill's primary purpose of multi-agent orchestration.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes user-provided project requirements to generate tasks for subagents. This is considered safe as it is the core functionality of the orchestration workflow.
      • Ingestion points: User-provided requirements and task descriptions analyzed in SKILL.md and resources/examples.md (e.g., "Build a TODO app with JWT authentication").
      • Boundary markers: No specific delimiters or markers are defined to isolate user input in the CLI command templates.
      • Capability inventory: Spawning subagents with code modification capabilities using oh-my-ag agent:spawn, spawn-agent.sh, and referenced "Serena MCP tools".
      • Sanitization: No explicit input validation or sanitization of project requirements is described in the workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 11:54 PM