multica-mentioning

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Documentation of Mention Contract. The skill provides detailed technical documentation regarding the backend implementation of mentions, including regex patterns and specific UUID requirements. This ensures the agent constructs valid links and correctly understands how different mention types trigger backend processes.
  • [SAFE]: Use of Official Tooling. The skill instructs the agent to use the 'multica' CLI tool to retrieve UUIDs for members, agents, and squads. These operations are limited to read-only listing commands within the workspace context and are consistent with the skill's purpose and the author's identity.
  • [SAFE]: Robust Link Construction. The skill requires the agent to perform an explicit lookup of a display name to a UUID before generating a mention link. This practice prevents the agent from blindly propagating potentially malicious strings from user input into the mention URI scheme.
  • [SAFE]: Absence of Malicious Patterns. No evidence of prompt injection, unauthorized data access, credential harvesting, persistence mechanisms, or remote code execution was found. The skill does not include any obfuscated content, external downloads, or dynamic execution patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 01:25 AM
Security Audit — agent-trust-hub — multica-mentioning