grace-multiagent-execute
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from local XML files to guide agent actions, representing an indirect prompt injection surface.
  1. Ingestion points: docs/development-plan.xml and docs/knowledge-graph.xml (parsed in Step 1).
  2. Boundary markers: The skill utilizes execution packets to scope worker context but lacks explicit safety delimiters.
  3. Capability inventory: The agent can execute module-local verification commands and generate code via the $grace-generate protocol (referenced in Step 3).
  4. Sanitization: The workflow incorporates mandatory contract and verification reviews to validate worker outputs before integration.
- [NO_CODE]: The skill is entirely composed of natural language instructions and metadata; no executable scripts, binaries, or automated logic were found within the provided files.
Audit Metadata