Security Audit
multi-agent-patterns
github.com/muratcankoylan/Agent-Skills-for-Context-Engineering
Trust Assessment
multi-agent-patterns received a trust score of 78/100, placing it in the Mostly Trusted category. The skill passed most security checks; the findings below include one rated high severity.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium and 0 low severity. The findings are "Arbitrary Tool Execution via Message Content" (high) and "Unsafe deserialization / dynamic eval" (medium).
The analysis covered 4 layers: dependency_graph, static_code_analysis, manifest_analysis, llm_behavioral_safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 7942df36). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Arbitrary Tool Execution via Message Content.** The `WorkerAgent` class includes an `execute_tool` method that dynamically calls functions registered in its `self.tools` dictionary based on the `tool_name` and `tool_args` carried in an incoming `AgentMessage`. An attacker who can craft or influence the `content` of an `AgentMessage` (specifically its `action`, `tool_name` and `tool_args` fields) can invoke any registered tool with arguments of their choosing. This is an injection risk: the safety of the dispatch depends entirely on what the registered tools can do and on how incoming message content is validated. If `self.tools` contains sensitive functions (file system operations, network requests, system commands) and input is not validated, this can lead to data exfiltration, system compromise or denial of service. *Remediation:* validate `tool_name` and `tool_args` strictly on receipt, especially where messages can originate from or be influenced by untrusted sources (including other agents whose context may have been prompt-injected); keep `self.tools` restricted to safe, pre-approved functions; wrap any sensitive tool that must be exposed in input sanitization, per-sender access control and sandboxing; and apply least privilege to every tool. | Unknown | scripts/coordination.py:204 |
| MEDIUM | **Unsafe deserialization / dynamic eval.** Pattern matched: decryption followed by code execution. *Remediation:* remove obfuscated code-execution patterns. Legitimate code does not need base64-encoded payloads executed via `eval`, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. This is a pattern-based hit reported against line 4 of the file with no layer attributed; confirm against the source that the flagged line actually decodes or decrypts data and hands it to `eval`/`exec` before treating it as an exploitable issue. | Unknown | scripts/coordination.py:4 |
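To make the HIGH finding concrete, here is an added example (not code from the multi-agent-patterns skill) of the dispatch pattern it describes, next to a hardened dispatcher that applies the remediation: an allowlist of tool names, per-sender authorization, and a closed argument schema. The names `WorkerAgent`, `AgentMessage`, `execute_tool`, `tools`, `action`, `tool_name` and `tool_args` are taken from the finding; the class bodies, the `ToolSpec` helper, the sample tools and the messages are assumed reconstructions built for this illustration.

```python
# Added example, not the skill's own code: vulnerable vs. hardened tool dispatch.
# Class and field names follow the finding text; bodies are assumed reconstructions.
from dataclasses import dataclass, field
from typing import Any, Callable


@dataclass
class AgentMessage:
    sender: str
    content: dict = field(default_factory=dict)


# --- Vulnerable dispatch (the pattern described in the finding) -------------
class VulnerableWorkerAgent:
    def __init__(self, tools: dict[str, Callable[..., Any]]):
        self.tools = tools

    def execute_tool(self, msg: AgentMessage) -> Any:
        # Whoever controls the message picks any registered tool and its kwargs.
        if msg.content.get("action") == "execute_tool":
            tool = self.tools[msg.content["tool_name"]]
            return tool(**msg.content.get("tool_args", {}))
        return None


# --- Hardened dispatch ------------------------------------------------------
class ToolDispatchError(Exception):
    pass


@dataclass(frozen=True)
class ToolSpec:
    func: Callable[..., Any]
    params: dict[str, type]          # closed argument schema: name -> exact type
    allowed_senders: frozenset[str]  # least privilege: who may call this tool


class HardenedWorkerAgent:
    def __init__(self, tools: dict[str, ToolSpec]):
        self.tools = tools

    def execute_tool(self, msg: AgentMessage) -> Any:
        content = msg.content
        if content.get("action") != "execute_tool":
            raise ToolDispatchError("unsupported action")
        name = content.get("tool_name")
        # 1. Allowlist: only pre-registered names, never attribute or import lookups.
        spec = self.tools.get(name) if isinstance(name, str) else None
        if spec is None:
            raise ToolDispatchError(f"unknown tool {name!r}")
        # 2. Authorization: the sender must be permitted for this specific tool.
        if msg.sender not in spec.allowed_senders:
            raise ToolDispatchError(f"{msg.sender!r} may not call {name!r}")
        # 3. Closed schema: exact argument names and exact types, no extras.
        args = content.get("tool_args", {})
        if not isinstance(args, dict) or set(args) != set(spec.params):
            raise ToolDispatchError("argument names do not match the tool schema")
        for key, typ in spec.params.items():
            if type(args[key]) is not typ:
                raise ToolDispatchError(f"argument {key!r} must be {typ.__name__}")
        return spec.func(**args)


# --- Constructed tools and messages for the demo ----------------------------
def _add(a: int, b: int) -> int:
    return a + b

def _read_secret() -> str:
    return "constructed-secret-token"  # stands in for a credential on disk

# The vulnerable agent registers the sensitive tool alongside the benign one.
VULNERABLE_TOOLS = {"add": _add, "read_secret": _read_secret}
# The hardened agent never registers read_secret, and scopes add to the planner.
HARDENED_TOOLS = {"add": ToolSpec(_add, {"a": int, "b": int}, frozenset({"planner"}))}

BENIGN_MSG = AgentMessage("planner", {"action": "execute_tool", "tool_name": "add",
                                      "tool_args": {"a": 2, "b": 3}})
# An untrusted peer (or a prompt-injected upstream agent) asks for the secret.
ATTACKER_MSG = AgentMessage("untrusted-peer", {"action": "execute_tool",
                                               "tool_name": "read_secret", "tool_args": {}})


def run_vulnerable(msg: AgentMessage) -> Any:
    return VulnerableWorkerAgent(VULNERABLE_TOOLS).execute_tool(msg)


def run_hardened(msg: AgentMessage) -> Any:
    """Return the tool result, or 'rejected: <reason>' when the dispatcher refuses."""
    try:
        return HardenedWorkerAgent(HARDENED_TOOLS).execute_tool(msg)
    except ToolDispatchError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    print(run_vulnerable(ATTACKER_MSG))  # constructed-secret-token
    print(run_hardened(ATTACKER_MSG))    # rejected: unknown tool 'read_secret'
    print(run_hardened(BENIGN_MSG))      # 5
```

The important design choice is that `read_secret` is not merely guarded in the hardened agent; it is never registered, so no message content can reach it. For tools that must stay registered, the per-tool `allowed_senders` set and the exact-type schema (`type(x) is typ`, which also rejects `bool` where `int` is expected) keep the dispatcher from becoming a generic call gadget.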
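The MEDIUM finding is a pattern match against line 4 of the file with no layer attributed, so the first practitioner step is to re-check the hit on the actual source. Below is an added example, neither SkillShield's detector nor the skill's code, of an `ast`-based triage check for the "decode or decrypt, then execute" pattern the finding names: it flags `eval`/`exec` applied to decoded data (directly, or through a name assigned from a decoder call) and `getattr` with a computed attribute name, and it is run over two constructed snippets. The decoder names, sink names and both samples are assumptions made for the illustration.

```python
# Added example (not SkillShield's detector, not the skill's own code): an
# ast-based triage check for "decode/decrypt, then execute". Decoder and sink
# names and both samples are assumptions for illustration.
import ast
from typing import Optional

DECODERS = {"b64decode", "decrypt", "decompress", "unhexlify"}
SINKS = {"eval", "exec"}


def _call_name(node: ast.Call) -> Optional[str]:
    """Dotted callee name of a Call, e.g. 'base64.b64decode', or None."""
    func, parts = node.func, []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return None


def _calls_decoder(node: ast.AST) -> bool:
    """True if any call under node ends in a decode/decrypt-style name."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call):
            name = _call_name(sub)
            if name and name.rsplit(".", 1)[-1] in DECODERS:
                return True
    return False


def find_obfuscated_exec(source: str) -> list[tuple[int, str]]:
    """Return (line, reason) for eval/exec on decoded data and computed getattr."""
    tree = ast.parse(source)
    # One-hop taint: names assigned directly from a decoder call. Deliberately
    # shallow; a real tool would follow reassignments and function boundaries.
    tainted = {
        target.id
        for node in ast.walk(tree)
        if isinstance(node, ast.Assign) and _calls_decoder(node.value)
        for target in node.targets
        if isinstance(target, ast.Name)
    }
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        callee = _call_name(node)
        if callee in SINKS and node.args:
            arg = node.args[0]
            if _calls_decoder(arg) or (isinstance(arg, ast.Name) and arg.id in tainted):
                findings.append((node.lineno, f"{callee}() on decoded or decrypted data"))
        elif callee == "getattr" and len(node.args) >= 2 and not isinstance(node.args[1], ast.Constant):
            findings.append((node.lineno, "getattr() with computed attribute name"))
    return sorted(findings)


# Constructed benign sample: base64 is imported on line 4 and used only for
# data encoding, never fed to eval/exec. A text match on "base64" would flag it;
# the AST check does not.
BENIGN_SAMPLE = '''"""Coordination helpers (constructed)."""
import json
import logging
import base64


def encode_payload(data: dict) -> str:
    return base64.b64encode(json.dumps(data).encode()).decode()


def decode_payload(text: str) -> dict:
    return json.loads(base64.b64decode(text))
'''

# Constructed malicious sample: a base64 blob is decoded then exec'd, and a
# system function is reached through a computed attribute name.
MALICIOUS_SAMPLE = '''import base64, os
blob = "cHJpbnQoJ2hpJyk="
payload = base64.b64decode(blob)
exec(payload)
fn = getattr(os, "sys" + "tem")
'''

if __name__ == "__main__":
    print(find_obfuscated_exec(BENIGN_SAMPLE))     # []
    print(find_obfuscated_exec(MALICIOUS_SAMPLE))  # [(4, ...), (5, ...)]
```

Run against the real `scripts/coordination.py`, an empty result for the flagged line means the hit is a signature match worth recording but not a confirmed issue; a non-empty result points at the exact sink to remove. The one-hop taint set is intentionally minimal so the logic stays auditable; it will miss indirections such as reassignment or passing the decoded blob through a function.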
Full report: https://skillshield.io/report/738da84f6175a87d
Powered by SkillShield