multi-ai-collab
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill coordinates sub-agents by executing shell commands to invoke external CLI tools like Codex, Gemini CLI, and Claude Code. It utilizes command substitution (e.g.,
$(cat src/file.ts)) to pass the content of local files as input to these tools. - [EXTERNAL_DOWNLOADS]: Documentation within the skill recommends the installation of official CLI utilities from well-known and trusted providers, including Google's
@google/gemini-cliand Anthropic's Claude Code. These references target established, official package registries and repositories. - [PROMPT_INJECTION]: The skill exhibits an attack surface for Indirect Prompt Injection, common in orchestrator patterns.
- Ingestion points: Local file content is read and interpolated directly into prompts via shell command substitution in multiple workflow templates (e.g.,
SKILL.md,references/workflows/pipeline.md). - Boundary markers: The skill uses structural headers like
## Code to Analyzeto delimit code, but lacks robust techniques like randomized delimiters to prevent malicious instructions within analyzed files from overriding sub-agent behavior. - Capability inventory: The orchestrator can execute shell commands and leverage sub-agent tools (like file-writing or network access) if provided by the environment.
- Sanitization: No explicit sanitization or escaping is performed on the content of the files before they are passed to the sub-agents.
Audit Metadata