orchestrate-review
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing external file content without sanitization. \n
- Ingestion points: File content from the repository is joined and inserted into the
Task Prompt TemplatewithinSKILL.md. \n - Boundary markers: Absent; file content is directly interpolated into the sub-agent's prompt without delimiters or instructions to ignore embedded commands. \n
- Capability inventory: The skill can modify files using an Edit tool and execute shell commands (
exec) for git operations. \n - Sanitization: Absent; no filtering, escaping, or validation of the processed file content is performed. \n- [COMMAND_EXECUTION]: Utilizes the
execfunction to perform git operations (git add . && git commit). This capability is used for its intended purpose of versioning review fixes but represents a system interaction surface that could be exploited if an indirect prompt injection successfully influences sub-agent behavior.
Audit Metadata