conductor-orchestrator

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the direct interpolation of untrusted data into sub-agent prompts.
  • [PROMPT_INJECTION]: Ingestion points: The orchestrator ingests untrusted data from the user-provided goal string via the /go command, and from file-based sources including spec.md, plan.md, and metadata.json during the orchestration cycle.
  • [PROMPT_INJECTION]: Boundary markers: The prompt templates used for dispatching sub-agents (e.g., analyzeGoal, handleDecision, and worker dispatch) lack explicit delimiters or instructions to ignore embedded commands, allowing untrusted input to blend with system instructions.
  • [PROMPT_INJECTION]: Capability inventory: The skill has the capability to dispatch powerful general-purpose agents via the Task tool and perform extensive file system modifications within the project directory.
  • [PROMPT_INJECTION]: Sanitization: There is no evidence of sanitization, escaping, or validation of user-provided goals or file contents before they are interpolated into prompt templates.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 10:54 AM