langgraph-orchestration
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides patterns for running Model Context Protocol (MCP) servers using `npx`. This is a standard and documented method for initializing MCP servers within the ecosystem.
- [EXTERNAL_DOWNLOADS]: The skill references several well-known libraries and frameworks for agent orchestration, including `langgraph`, `langchain`, and `@modelcontextprotocol/server-filesystem`. These are established tools within the AI development community.
- [PROMPT_INJECTION]: The skill describes building agents that ingest data from external sources such as the internet, Jira, and GitHub, which creates a potential surface for indirect prompt injection. The skill mitigates this risk by providing explicit instructions and patterns for implementing human-in-the-loop (HITL) approval gates (`interrupt()`) and strict tool isolation boundaries between agents.
  - Ingestion points: `references/mcp-bridging.md` (Jira/GitHub), `references/deep-agents.md` (internet search/fetch URL).
  - Boundary markers: Recommended usage of `interrupt()` and `approval_gate` in `references/interrupts-hitl.md`.
  - Capability inventory: Filesystem access, command execution (`npx`), and external network requests.
  - Sanitization: The skill promotes narrow tool scopes for specialist workers and manual approval for risky side effects.
Audit Metadata