orch-runtime
Warn
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a global npm package, `@oxgeneral/orch`. This package is hosted under a scope that is not recognized as a trusted organization or well-known service.
- [COMMAND_EXECUTION]: The skill makes extensive use of shell commands via the `orch` CLI tool to manage tasks, agents, and context.
- [COMMAND_EXECUTION]: The skill documents a command pattern that uses shell subshells (e.g., `$(orch context get ecc-handoff)`) to interpolate values from the ORCH context directly into command arguments. This creates a risk of command injection if the data stored in the context by sub-agents or external processes contains shell metacharacters.
- [PROMPT_INJECTION]: The skill establishes an ingestion point for untrusted data from the ORCH persistent context into the current agent session without defining clear boundary markers or sanitization procedures.
  - Ingestion points: Data is retrieved from the external ORCH runtime via `orch context get` in the SKILL.md documentation and used in descriptions and commands.
  - Boundary markers: Absent in the suggested integration patterns.
  - Capability inventory: The skill provides access to task management, log streaming, and agent messaging via shell commands.
  - Sanitization: There is no mention of sanitizing or escaping the data retrieved from the context before use.