meta-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a logic-based orchestrator for other skills. It processes input data to determine skill activation order, dependency resolution, and risk summaries.
- [COMMAND_EXECUTION]: The skill requires the
bashtool as defined inSKILL.mdto execute itsrun.pyscript. The script uses standard Python libraries for JSON processing and logic, with no evidence of arbitrary or dangerous command execution. - [DATA_EXFILTRATION]: No network operations or unauthorized file access patterns were found. The script interacts only with standard input/output and local environment variables via a helper utility.
- [INDIRECT_PROMPT_INJECTION]: The skill processes skill metadata which could theoretically contain instructions. However, the logic is restricted to non-executable fields (names, scores, dependency lists) and the output is a structured plan, which significantly limits the surface for indirect injection attacks.
Audit Metadata