open-multi-agent-orchestration
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The framework includes built-in capabilities for executing shell commands (bash) and performing file system operations (file_write, file_read, file_edit, grep). These tools are core components of the orchestration framework's intended purpose and are clearly documented for the user.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of its core package @open-multi-agent/core and provides examples of using MCP servers via npx. These represent legitimate dependencies and integrations with well-known protocols and official package registries.
- [CREDENTIALS_UNSAFE]: The documentation adheres to security best practices by instructing users to manage sensitive API keys for providers (Anthropic, OpenAI, Gemini, etc.) through environment variables rather than hardcoding them within the application code.
- [PROMPT_INJECTION]: The skill architecture involves ingesting data from external files and shared memory stores, which creates a surface area for indirect prompt injection. The documentation shows that agents can execute high-privilege tools like bash based on these inputs. Users should be aware of this ingestion point and apply validation to data processed by the agents.
- [SAFE]: No malicious obfuscation, hidden instructions, or unauthorized data exfiltration patterns were detected in the skill's content or code examples.
Audit Metadata