Skills
NYC
skills/qodex-ai/ai-agent-skills/multi-agent-orchestration/Gen Agent Trust Hub

multi-agent-orchestration

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill defines a multi-agent orchestration layer vulnerable to Indirect Prompt Injection (Category 8). Evidence Chain: 1. Ingestion points: Messages passed via MessageBroker and CommunicationProtocol. 2. Boundary markers: Absent. 3. Capability inventory: High, including workflow execution and task management. 4. Sanitization: Absent; no validation of inter-agent messages.
  • COMMAND_EXECUTION (MEDIUM): The documentation instructs running local Python scripts that are not provided in the package, posing a risk if malicious files are placed in the expected paths.
  • NO_CODE (LOW): The skill only contains documentation. The actual executable scripts are missing, which prevents a full security audit and is a suspicious practice.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 08:56 PM