agent-orchestration-multi-agent-optimize
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests external data (system targets, performance goals, and budget constraints) to guide the behavior of its coordination agents. This creates a surface for indirect prompt injection where adversarial input could influence agent reasoning.
  - Ingestion points: SKILL.md (Arguments Handling section and final interpolation).
  - Boundary markers: Absent. The skill does not use delimiters (e.g., XML tags or clear separators) to isolate user-provided arguments from its internal instructions.
  - Capability inventory: The logic influences agent coordination and optimization strategies, affecting internal reasoning and task prioritization.
  - Sanitization: Absent. There is no evidence of input validation or escaping for the $ARGUMENTS variable.
- [Metadata Poisoning] (INFO): The code examples reference non-existent model versions (GPT-5, Claude-4). These are placeholders for future-proofing; they are technically misleading metadata but pose no security risk.
Audit Metadata