tasks

Warn

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: MEDIUM

Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The framework includes logic to automatically bootstrap its own environment by installing Python dependencies at runtime.
    ◦ _cli/cli/dependencies.py and _shared/tools/yaml_compat.py use subprocess.run to call pip install for required libraries.
  • [EXTERNAL_DOWNLOADS]: The skill fetches software packages and system utilities from external repositories.
    ◦ _shared/tools/dependency-utils.sh contains routines to install system packages using brew, apt-get, apk, dnf, or yum based on the detected OS.
  • [COMMAND_EXECUTION]: The core functionality of the skill relies on executing system-level commands and external binaries.
    ◦ _cli/cli/orchestrator/agent_caller.py executes the claude CLI to invoke sub-agents, passing them generated prompts and controlling their tool access.
    ◦ _scripts/hooks/workflow_hooks.py runs project-specific test suites using pnpm test or pytest via subprocess calls.
    ◦ _shared/tools/dependency-utils.sh uses sudo on Linux distributions to execute package management commands with root privileges.
  • [PROMPT_INJECTION]: The skill creates a significant surface for indirect prompt injection because of its mix of data ingestion and tool capabilities.
    ◦ It ingests untrusted data from the web (via WebFetch) and from local codebase files (via Read).
    ◦ This data is processed by agents that possess powerful tools, including Bash (arbitrary command execution) and Write (filesystem modification), creating a risk that malicious instructions in analyzed data could influence the agent's actions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 12, 2026, 04:06 AM