swe-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and acts upon data from external VCS issues.
  - Ingestion points: The SWE Architect persona reads issue content using the vcs-issue-management tool (SKILL.md).
  - Boundary markers: Absent; there are no instructions to use specific delimiters or to disregard instructions found within the issue description.
  - Capability inventory: The skill can create and switch branches (vcs-branch), write and commit code (vcs-commit), create pull requests (vcs-change-request), and execute tests or linters.
  - Sanitization: Absent; the agent is directed to gather goals and criteria directly from the issue body without verification.
Audit Metadata