multi-lens-quorum

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses authoritative directives to override default agent behavior for specific domain-related queries.
  • Evidence: The skill description in the frontmatter instructs the agent to "ALWAYS use for any investment or trading advice" and specifies a list of keywords for "Auto-trigger".
  • [PROMPT_INJECTION]: The sub-agent orchestration template introduces a risk of indirect prompt injection by interpolating untrusted data without structural boundaries.
  • Ingestion points: The "SHARED FACTS" and "THE ONE QUESTION" blocks in the "Subagent prompt template" section of SKILL.md.
  • Boundary markers: The template uses text placeholders but lacks explicit system-level delimiters (such as XML tags or triple backticks) with instructions to treat the interpolated content strictly as passive data.
  • Capability inventory: Sub-agents are instructed to read local filesystem contents (SKILL.md and reference files) based on the provided lens paths.
  • Sanitization: No evidence of input validation or sanitization is present in the orchestration logic to handle malicious input within the facts or question blocks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 08:15 AM
Security Audit — agent-trust-hub — multi-lens-quorum