multi-agent-coordination
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [Prompt Injection] (LOW): The skill uses authoritative directives such as 'Mandatory Coordination Behavior' and 'Do This First' to influence the agent's execution sequence. This is a common pattern for complex coordination but represents an attempt to override the agent's native task prioritization.
- [Indirect Prompt Injection] (LOW): The skill instructs the agent to fetch and process messages from external peers, creating a vulnerability surface where malicious input could be interpreted as instructions.
  1. Ingestion points: Untrusted data enters the context via the 'fetch_inbox' tool.
  2. Boundary markers: Absent; there are no instructions to isolate message bodies from instructions.
  3. Capability inventory: The agent can reserve files, send messages, and modify project code.
  4. Sanitization: Absent; the protocol does not define validation or escaping for incoming messages.
- [Data Exposure & Exfiltration] (LOW): The registration and file reservation tools transmit the local project path ('${CWD}') to a coordination service. While necessary for the skill's purpose, this represents the exposure of internal file system metadata to an external endpoint.