init

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill exposes a high-risk injection surface: it reads untrusted data from external project files and writes that data into a configuration file that governs agent behavior.
  • Ingestion Points: The skill reads package.json, pyproject.toml, Cargo.toml, go.mod, Makefile, Dockerfile, and GitHub workflows.
  • Capability Inventory: Uses the Edit tool to modify AGENTS.md and AskUserQuestion to interact with the user.
  • Boundary Markers: There are no delimiters or 'ignore embedded instructions' warnings applied to the data extracted from the project files before it is written to the config.
  • Sanitization: No sanitization or validation is performed on the 'Detected commands' or 'Tech Stack' info before interpolation into the markdown template.
  • Risk: An attacker can place malicious instructions inside a package.json script or a Makefile comment. When this skill runs, it will copy those instructions into AGENTS.md, potentially overriding the agent's safety protocols or diverting its future actions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:47 PM