go

The orchestration skill fulfills its intended function (parallel phased multi-agent execution) but introduces moderate-to-high supply-chain and data-exposure risk due to its requirements to embed full context into many spawned-agent prompts, to batch tool calls, and to delegate operations without least-privilege constraints or required human approvals. The module is not directly malicious, but its design enables credential leakage, transitive installation/execution, and autonomous external actions if spawn_agent grants agents broad capabilities. Recommended actions before deployment: enforce allowed_tools/connectors, add automatic secret redaction, require human gates for external-impacting phases, and prohibit transitive skill installation.