minion-orchestrator
Warn
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for submitting 'shell jobs' that execute arbitrary shell commands or scripts on a worker environment using the CLI.
- [REMOTE_CODE_EXECUTION]: The system allows for code execution on remote workers when specifically configured, which is documented as a remote code execution surface.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted user data to form job parameters and subagent instructions.
  * Ingestion points: User prompts in 'gbrain agent run' and JSON parameters in 'gbrain jobs submit' or 'submit_job'.
  * Boundary markers: No boundary markers or delimiters are specified to separate user input from system instructions in the job parameters.
  * Capability inventory: Includes arbitrary shell execution, job submission, and tool invocation across several lifecycle tools.
  * Sanitization: No sanitization or validation of the 'cmd' or 'argv' parameters is mentioned before the commands are passed to the shell handler.