multica-squads

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is an administrative utility for managing workspace squads. It appropriately restricts its operations to the authorized multica CLI tool as specified in the skill configuration.
  • [PROMPT_INJECTION]: The skill interacts with issue comments and descriptions, which constitutes a potential surface for indirect prompt injection. This risk is inherent to the skill's primary function of issue management and coordination.
  • Ingestion points: The skill ingests untrusted data from issue descriptions and comments using multica issue get and multica issue comment list (found in SKILL.md).
  • Boundary markers: The instructions do not explicitly define boundary markers or 'ignore embedded instructions' warnings for the data being processed.
  • Capability inventory: The skill possesses the ability to mutate workspace state via multica squad management commands and multica issue update (found in SKILL.md).
  • Sanitization: No explicit sanitization, validation, or escaping of ingested external content is described in the provided skill files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 01:25 AM
Security Audit — agent-trust-hub — multica-squads