agent-agent
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface where untrusted data could influence agent actions.
- Ingestion points: The decomposeGoal and coordinateWithSwarm functions accept a complexGoal object as primary input.
- Boundary markers: No delimiters or "ignore embedded instructions" warnings are present when the goal context is interpolated into tool parameters.
- Capability inventory: The skill leverages high-privilege tools including mcp__flow-nexus__agent_spawn, mcp__flow-nexus__task_orchestrate, and mcp__flow-nexus__sandbox_create.
- Sanitization: There is no evidence of input validation, escaping, or filtering for the complexGoal data before it is passed to orchestration tools.
- [COMMAND_EXECUTION]: The skill utilizes tools that manage and execute code within isolated environments or new agent instances.
- Evidence: Usage of mcp__flow-nexus__sandbox_create with a Node.js template and mcp__flow-nexus__agent_spawn to extend capabilities dynamically.
- Context: These operations are central to the skill's purpose as a goal-oriented planner and are managed through defined tool interfaces.
Audit Metadata