multi-agent-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the oh-my-ag CLI and local shell scripts to manage sub-agents.
  - Evidence includes shell commands in SKILL.md and resources/examples.md such as `oh-my-ag agent:spawn` and `.agent/skills/orchestrator/scripts/spawn-agent.sh`.
  - The skill uses background processes (`&`) and synchronization (`wait`) to handle parallel agent execution.
- [PROMPT_INJECTION]: The skill passes user-provided task descriptions directly into CLI arguments, which constitutes an indirect prompt injection surface.
  - Ingestion points: Task descriptions in the `agent:spawn` command arguments (e.g., SKILL.md Step 2).
  - Boundary markers: Double-quote delimiters are used for task strings, but no explicit instructions are provided to the sub-agents to ignore embedded prompt instructions.
  - Capability inventory: The skill is designed to execute shell commands and modify code using Serena MCP tools.
  - Sanitization: No explicit sanitization or validation logic is defined for the interpolated task descriptions.
Audit Metadata