Framework Orchestrator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- NO_CODE (SAFE): The manifest provides metadata, preconditions, and effects but does not include any scripts, command lines, or executable code blocks.
- EXTERNAL_DOWNLOADS (SAFE): No remote URLs, package installations, or external dependencies are defined in the manifest.
- PROMPT_INJECTION (SAFE): The descriptions and metadata fields contain purely instructional or descriptive text without any bypass patterns or override attempts.
- INDIRECT_PROMPT_INJECTION (LOW): As a 'Meta-skill' that coordinates other frameworks, this skill naturally interacts with project data. While this presents an inherent surface for indirect prompt injection, no vulnerable interpolation logic or script execution is present in this file to exploit.
- Ingestion points: Reads project patterns and skill/framework outputs (implied by description).
- Boundary markers: Not specified in manifest.
- Capability inventory: Modifies files, creates artifacts.
- Sanitization: Not specified.
Audit Metadata