skill-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting data from external files and passing it to other agent components.
- Ingestion points: The skill reads 'specs/state.json' and 'TODO.md' to retrieve task descriptions and metadata.
- Boundary markers: Data is encapsulated in a JSON object for delegation, but lacks explicit 'ignore instructions' delimiters for the receiving skill.
- Capability inventory: The skill can read the filesystem ('Read', 'Glob', 'Grep') and invoke other agent skills ('Task').
- Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the project files before it is passed to the next stage.
Audit Metadata