execute
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The orchestrator skill possesses a vulnerability surface for indirect prompt injection by processing untrusted external data and passing it through a chain of powerful sub-skills.
  - Ingestion points: Untrusted data enters via the `task-description`, `ticket-id`, and `file-path` arguments defined in the frontmatter of `SKILL.md`.
  - Boundary markers: Absent. The workflow passes these arguments directly to `apex:research` and subsequent phases without using delimiters or instructions to ignore embedded commands.
  - Capability inventory: The workflow triggers `apex:implement` (which performs build/validation steps) and `apex:ship` (which executes git commits), creating a path from untrusted input to system-level changes.
  - Sanitization: Absent. There is no evidence of input validation, escaping, or filtering of the task description before it is used to drive the workflow logic.
Audit Metadata