Skills
NYC
skills/daffy0208/ai-dev-standards/Orchestration Planner/Gen Agent Trust Hub

Orchestration Planner

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection surface. The script plan-workflow.sh interpolates the user-provided --goal argument directly into a Codex LLM prompt. An attacker could provide a goal containing instructions to ignore previous rules or extract the system prompt.
  • Ingestion points: GOAL variable in plan-workflow.sh (derived from --goal CLI argument).
  • Boundary markers: Absent. The goal is placed directly inside the prompt string.
  • Capability inventory: Uses codex exec and python3 to process data; writes to /tmp/ files.
  • Sanitization: None. The script directly inserts the raw shell variable into the heredoc-style prompt.
  • COMMAND_EXECUTION (SAFE): While the skill executes shell and Python scripts, these are local scripts bundled with the skill. The use of codex exec is a known tool for this environment.
  • DATA_EXFILTRATION (SAFE): The skill reads a capability graph and writes results to /tmp/, but no exfiltration to external domains was detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:35 PM