skills/i9wa4/dotfiles/orchestrator/Gen Agent Trust Hub

orchestrator

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis

  • [COMMAND_EXECUTION]: The skill utilizes several CLI tools to interact with the environment and external services.
      • Evidence: Executes GitHub CLI commands (gh issue view, gh pr view, gh pr list, gh pr create) to manage repository data (SKILL.md, Sections 3.1, 5.2, 5.3).
      • Evidence: Uses custom tools codex exec for task execution and mkoutput for file generation (SKILL.md, Sections 2.2, 3.2).
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by ingesting and acting upon untrusted data from external platforms.
      • Ingestion points: Data enters the agent context through gh issue view, gh pr view, and Jira API calls, as well as reading local files via memo <path> (SKILL.md, Section 3.1).
      • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands when the fetched content is passed to subagents or planning phases.
      • Capability inventory: The agent has the capability to write files (mkoutput), execute tasks (codex exec), and create pull requests (gh pr create).
      • Sanitization: No sanitization or filtering logic is present to ensure that fetched issue or PR descriptions do not contain malicious instructions that could manipulate the agent's workflow.

Audit Metadata

Risk Level: SAFE
Analyzed: Mar 2, 2026, 08:01 PM