ai-model-orchestrator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (LOW): Potential for Indirect Prompt Injection. The skill processes external task descriptions from the 'input' argument without documented sanitization.
- Ingestion points: The 'input' argument in SKILL.md accepts paths to JSON task descriptions or text prompts.
- Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are documented in the skill instructions.
- Capability inventory: The skill performs network requests to third-party AI APIs (OpenAI, Anthropic) and writes output to the filesystem via the 'out' argument.
- Sanitization: No evidence of sanitization, escaping, or validation of the input prompt content is present.
- [DATA_EXFILTRATION] (LOW): The skill handles 'Confidential' and 'Personal' knowledge tiers, including 'secrets', and transmits this data to external AI providers (GPT-4, Claude). While this is the intended purpose, it involves data flow to domains (openai.com, anthropic.com) that are not on the trusted whitelist.