crewai-multi-agent

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's documentation guides users to install several external packages, including 'crewai', 'crewai-tools', and specific extensions like 'selenium' or 'firecrawl'. These are recognized packages within the AI development community.
  • [COMMAND_EXECUTION]: Example code for a custom 'CalculatorTool' demonstrates the use of Python's 'eval()' function. Although the example includes a character-based safety check to prevent execution of non-mathematical strings, the use of 'eval()' is generally considered a high-risk practice as it can potentially lead to arbitrary code execution if the sanitization is bypassed.
  • [PROMPT_INJECTION]: The framework is designed to ingest and process data from untrusted external sources using tools like 'ScrapeWebsiteTool', 'PDFSearchTool', and 'GithubSearchTool'. This architectural design creates a surface for indirect prompt injection attacks.
  • Ingestion points: Data enters the agent's context through web scraping, PDF parsing, and repository searches (as documented in 'SKILL.md' and 'references/tools.md').
  • Boundary markers: The documentation advises using clear task descriptions and expected output formats, which can help mitigate but not entirely prevent injection issues.
  • Capability inventory: The skill framework enables high-impact capabilities such as code execution ('CodeInterpreterTool'), file system modification ('FileWriterTool'), and database interactions ('PostgreSQLTool').
  • Sanitization: While some examples show basic input validation (e.g., character filtering), the framework does not inherently enforce strict sanitization on all processed external content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 12:55 AM
Security Audit — agent-trust-hub — crewai-multi-agent