Multi-Agent Coordinator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-risk attack surface because it is designed to ingest and act upon untrusted external data (a codebase) while having the power to write changes and execute tasks. Malicious instructions hidden in code comments or strings could hijack the coordination process.
- Ingestion points: Entire codebase including ViewModels, Services, and configuration files.
- Boundary markers: Absent. There are no instructions provided to the agents to distinguish between codebase data and operational instructions.
- Capability inventory: High. Uses a 'general-purpose' Task tool to perform 'fix swarms' (writing to files) and 'verification' (potential code execution).
- Sanitization: Absent. Data from the codebase is processed and acted upon without filtering or validation.
- [Command Execution] (MEDIUM): The 'Task' tool is defined as 'general-purpose' and is used to deploy 'fix swarms' and 'verification swarms'. This broad capability allows the agent to execute arbitrary operations on the host system or repository based on findings from the untrusted codebase content.
Recommendations
- AI detected serious security threats
Audit Metadata