orchestrate-review
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests the content of project files (untrusted data) and includes them directly in the prompt for review subagents.
  - Ingestion points: The contents of the project files being reviewed are joined and inserted into the subagent prompt template in `SKILL.md`.
  - Boundary markers: Absent. There are no delimiters or specific instructions for the subagent to treat the provided code purely as data or to ignore embedded instructions.
  - Capability inventory: The skill can modify files using the `Edit` tool, execute shell commands via `exec`, and spawn additional subagents.
  - Sanitization: None. Project code is interpolated into prompts without escaping or sanitization.
- [COMMAND_EXECUTION]: The skill uses the `exec` function to run shell commands for git operations (`git add . && git commit`). While the specific commands shown use internal counters for the commit message, the presence of shell execution capabilities provides a path for potential abuse if the agent's logic is subverted via prompt injection.
Audit Metadata