Meta Dispatcher & Task Orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing untrusted data.
- Ingestion points: The skill processes external PRDs, requirement documents, and business descriptions (referenced in SKILL.md).
- Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the processed documentation.
- Capability inventory: The agent can generate new skill files in '.trae/skills/' (Skill Factory) and delegate tasks to automation and backend skills.
- Sanitization: The skill lacks logic to sanitize or validate the content of the documents it analyzes before using them to drive task decomposition.
- [COMMAND_EXECUTION]: The skill mentions delegating to 'Browser Automation' and 'Backend' skills. While it coordinates these actions, it does not directly execute shell commands.
- [EXTERNAL_DOWNLOADS]: The skill references an MCP tool (mcp-feedback-enhanced) and various internal modules (e.g., 01_Architect_TechStackSelector). These are treated as trusted components within the expected environment.
Audit Metadata