multi-agent-orchestrator
Audited by Socket on Mar 1, 2026
1 alert found:
Security: This skill's stated purpose (multi-agent orchestration) aligns with the capabilities described: breaking tasks into subtasks, spawning specialized agents, parallel execution, and aggregation. However, several supply-chain and privilege risks are present:
(1) it spawns independent sub-agent processes that can perform network requests and access local files, effectively expanding the agent's attack surface and enabling autonomous actions;
(2) it requires installing npm dependencies without shown integrity checks or version pinning, a known supply-chain vector;
(3) it references web-capable skills (browser-tools, brave-search) which enable outbound network access and could be used to exfiltrate input files or secrets found in the workspace; and
(4) there is no explicit, documented mechanism for secure credential handling or workspace isolation.
Overall this skill is functionally coherent but should be treated as SUSPICIOUS for supply-chain and data-exfiltration risks until concrete runtime safeguards are added (network egress controls, least-privilege workspaces, pinned dependencies, explicit credential scoping, and interactive user approval for spawning agents that access sensitive data).