Skills
skills/miles990/multi-agent-workflow/review/Gen Agent Trust Hub

review

Fail

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script _shared/tools/dependency-utils.sh contains logic to automatically install system packages using sudo apt-get install -y, which executes with elevated privileges without explicit user confirmation.
  • [COMMAND_EXECUTION]: The Python CLI components in _cli/cli/dependencies.py and _shared/tools/yaml_compat.py perform automatic dependency management by executing pip install for missing packages at runtime.
  • [REMOTE_CODE_EXECUTION]: The agent orchestration logic in _cli/cli/orchestrator/agent_caller.py explicitly allows subagents to use the Bash tool. Because these agents are designed to analyze and review untrusted code from the repository, this creates a significant vulnerability to indirect prompt injection where the code under review could manipulate the agent into executing arbitrary shell commands.
  • [EXTERNAL_DOWNLOADS]: The skill's setup and execution scripts automatically fetch and install various system-level and language-specific dependencies from external package registries.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 12, 2026, 04:06 AM