multi-agent-orchestration

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is highly vulnerable to injection because untrusted data is directly interpolated into prompts.
      ◦ Ingestion points: The task parameter in Supervisor.run() and multi_agent_analysis(), and agent outputs in synthesize_findings() and resolve_conflicts().
      ◦ Boundary markers: None. Prompts lack delimiters or 'ignore embedded instructions' warnings.
      ◦ Capability inventory: The skill can route work to specialized agents and spawn new agent sessions using the 'Agent Teams' pattern (CC 2.1.33+).
      ◦ Sanitization: No validation or escaping is applied to untrusted content before prompt construction.
  • Command Execution (HIGH): Through the 'Agent Teams' functionality, the skill allows spawning new full-capability agent sessions via the Task tool. If the routing logic is compromised via prompt injection, an attacker can manipulate the prompts or task descriptions of these sub-agents to execute unauthorized commands or exfiltrate data.
  • Conditional Attacks (MEDIUM): The skill contains logic gated by environment variables (CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS, ORCHESTKIT_PREFER_TEAMS) which activates the higher-privilege agent-spawning capabilities.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:30 AM