orchestrate

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines an orchestration pattern for "Research Swarms" that is susceptible to indirect prompt injection from untrusted external data.
    • Ingestion points: The prompt template for Research Agents (SKILL.md) explicitly instructs agents to use WebSearch and WebFetch to gather information from blog posts, GitHub repositories, and official documentation.
    • Boundary markers: The skill does not provide templates or instructions for using boundary markers, delimiters, or "ignore instructions" warnings when processing the retrieved external content in SKILL.md.
    • Capability inventory: The orchestrated agents are capable of writing markdown files to the local filesystem and performing git operations across all scripts, meaning malicious content from the web could potentially influence the codebase through these agents.
    • Sanitization: There are no instructions for sanitizing or validating the content retrieved from the web in SKILL.md before it is used to inform further project phases or architecture plans.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 01:59 PM