skills/ingpoc/skills/orchestrator/Gen Agent Trust Hub

orchestrator

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The script scripts/session-entry.sh extracts the health_check value from .claude/config/project.json and executes it using the eval command. This creates a direct path for arbitrary code execution if an attacker can modify the project's configuration file.
  • COMMAND_EXECUTION (MEDIUM): The scripts/session-entry.sh script executes an external dependency script located at .skills/initialization/scripts/check-dependencies.sh. Executing unverified scripts from relative paths outside the skill's own directory increases the risk of executing malicious local code.
  • PROMPT_INJECTION (LOW): In scripts/enter-state.sh, the script constructs a JSON state file by manually interpolating the $FEATURE_ID variable into a string. This is vulnerable to schema confusion or indirect injection if a feature ID contains characters like double quotes, which could alter the structure of the resulting .claude/progress/state.json file.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:35 PM