plan

Fail

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The framework makes frequent use of subprocess.run, subprocess.Popen, and os.system across its Python logic and shell scripts (e.g., _cli/cli/dependencies.py, _templates/hooks/workflow_hooks.py, and _scripts/hooks/subagent_stop.py) to manage git repositories, track state, and execute tests.
  • [EXTERNAL_DOWNLOADS]: The system installs Python dependencies (typer, rich, pydantic, PyYAML) and system-level packages at runtime when it finds them missing, using whichever package manager is available (pip, brew, apt-get, dnf, yum, or apk); what gets installed therefore depends on the host and on the package sources reachable at run time.
  • [COMMAND_EXECUTION]: The installation utility _shared/tools/dependency-utils.sh invokes sudo apt-get to install system packages. This is a deliberate use of root privileges rather than a privilege-escalation exploit: running the installer modifies the host environment with elevated rights, so the user's sudo credentials (or cached sudo session) are spent on whatever the script chooses to install.
  • [REMOTE_CODE_EXECUTION]: The framework implements a hook system configured via ~/.claude/settings.json that automatically runs local scripts (such as workflow_hooks.py) on specific tool events. Because these scripts run automatically, whoever can write that settings file or the scripts it points to controls code that executes throughout the agent's session.
  • [DATA_EXFILTRATION]: The skill combines Read, Bash, and WebFetch capabilities, a tool-chaining pattern in which local filesystem data can be read, processed, and then carried to an external network endpoint (for example, encoded into a URL fetched with WebFetch).
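The finding categories above can be reproduced with a small static triage pass over a skill directory. The script below is an added example written for this page, not code from the plan skill or from Gen Agent Trust Hub. It assumes (unverified) a hooks config laid out as hooks -> event -> entries carrying a matcher and a hooks list of {type, command} objects, and an allowed-tools: line in SKILL.md frontmatter; it scans a constructed sample tree that imitates the file shapes named in the findings rather than the real files.

```python
"""Static triage pass reproducing the audit's finding categories (hypothetical helper)."""
import json
import re
import tempfile
from pathlib import Path

# Regexes keyed by the audit's own category labels, plus one for sudo'd installs.
PATTERNS = {
    "COMMAND_EXECUTION": re.compile(
        r"\b(?:subprocess\.(?:run|Popen|call|check_call|check_output)|os\.system|os\.popen)\b"
    ),
    # 'pip install x', 'apt-get install', the list form ["pip", "install", ...],
    # and the curl/wget-piped-to-shell idiom.
    "EXTERNAL_DOWNLOADS": re.compile(
        r"""\b(?:pip3?|brew|apt-get|apt|dnf|yum|apk)\b(?:["'],\s*["']|\s+)(?:install|add)\b"""
        r"""|\b(?:curl|wget)\b.*\|\s*(?:ba|z)?sh\b"""
    ),
    "SUDO_INSTALL": re.compile(r"\bsudo\s+(?:apt-get|apt|dnf|yum|apk|pip3?)\b"),
}
LOCAL_READ_TOOLS = {"Read", "Bash", "Glob", "Grep"}
NETWORK_TOOLS = {"WebFetch", "WebSearch"}


def scan_source(path: Path) -> list[dict]:
    """Flag every line of a .py/.sh file that matches one of PATTERNS."""
    out = []
    for lineno, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
        for cat, rx in PATTERNS.items():
            if rx.search(line):
                out.append({"category": cat, "file": path.name, "line": lineno, "snippet": line.strip()})
    return out


def scan_hooks(settings_path: Path) -> list[dict]:
    """List every command a hooks config would run automatically on a tool event.
    Assumed layout: hooks -> event -> [{matcher, hooks: [{type, command}]}]."""
    out = []
    data = json.loads(settings_path.read_text())
    for event, entries in data.get("hooks", {}).items():
        for entry in entries:
            for hook in entry.get("hooks", []):
                if hook.get("type") == "command":
                    out.append({"category": "AUTOMATIC_HOOK_EXECUTION", "event": event,
                                "matcher": entry.get("matcher", "*"), "command": hook.get("command", "")})
    return out


def scan_tool_chain(skill_md: Path) -> list[dict]:
    """Flag a tool grant that pairs local read access with a network tool (assumed 'allowed-tools:' field)."""
    m = re.search(r"^allowed-tools:\s*(.+)$", skill_md.read_text(), re.MULTILINE)
    if not m:
        return []
    tools = {t.strip() for t in m.group(1).split(",") if t.strip()}
    if tools & LOCAL_READ_TOOLS and tools & NETWORK_TOOLS:
        return [{"category": "DATA_EXFILTRATION", "tools": sorted(tools)}]
    return []


def scan_skill(root: Path) -> dict[str, list[dict]]:
    """Walk a skill directory and group findings by category."""
    findings = []
    for p in sorted(root.rglob("*")):
        if p.suffix in {".py", ".sh"}:
            findings.extend(scan_source(p))
        elif p.name == "settings.json":
            findings.extend(scan_hooks(p))
        elif p.name == "SKILL.md":
            findings.extend(scan_tool_chain(p))
    grouped: dict[str, list[dict]] = {}
    for f in findings:
        grouped.setdefault(f["category"], []).append(f)
    return grouped


# Constructed sample tree imitating the file shapes the audit describes (not the real files).
SAMPLE_FILES = {
    "_cli/deps.py": 'import subprocess\n\ndef ensure(pkg):\n    subprocess.run(["pip", "install", pkg], check=True)\n',
    "_shared/tools/dependency-utils.sh": "#!/bin/sh\nsudo apt-get install -y git\ncurl -fsSL https://example.invalid/install.sh | sh\n",
    "settings.json": json.dumps({"hooks": {"PostToolUse": [{"matcher": "Bash", "hooks": [
        {"type": "command", "command": "python3 _templates/hooks/workflow_hooks.py"}]}]}}),
    "SKILL.md": "---\nname: plan\nallowed-tools: Read, Bash, WebFetch\n---\n",
}


def demo() -> dict[str, list[dict]]:
    """Build the sample tree in a temp dir, scan it, and return the grouped findings."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for rel, content in SAMPLE_FILES.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(content)
        return scan_skill(root)


if __name__ == "__main__":
    for cat, items in demo().items():
        print(f"[{cat}] x{len(items)}")
        for item in items:
            print("   ", item)
```

Run against a real skill with scan_skill(Path("path/to/skill")); the regexes are deliberately loose so they over-report, and each hit is meant to be read by a human, which is the same posture the audit above takes.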
Recommendations
  • Automated analysis detected serious security threats; the skill fails the audit (see Full Analysis above).
Audit Metadata
Risk Level
HIGH
Analyzed
May 12, 2026, 04:06 AM