enhance-orchestrator

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the filesystem, which is then used to influence the behavior of sub-agents.
      • Ingestion points: The skill uses Glob patterns to discover and read content from various file types (plugins, agents, markdown docs, prompts, and skills) within the user's workspace, as defined in Phase 2 of SKILL.md.
      • Boundary markers: There are no explicit boundary markers or instructions to the sub-agents to ignore potentially malicious instructions embedded within the analyzed files.
      • Capability inventory: The skill uses the Task tool to spawn sub-agents with Bash and Skill capabilities, which can execute code and modify files based on the analysis of untrusted data.
      • Sanitization: The orchestration logic does not implement sanitization or validation of the content discovered via Glob before passing it to sub-agents.
  • [COMMAND_EXECUTION]: The skill coordinates the execution of tasks across multiple sub-agents. It explicitly instructs the AI to spawn agents like plugin-enhancer and agent-enhancer, which are expected to run JavaScript analyzers via shell commands (Bash(node:*)).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 07:31 PM