orchestration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's delegation protocol involves passing raw external data directly into the prompts of specialized sub-agents.
- Ingestion points: Untrusted data enters the context via the 'ERROR' (exact error messages) and 'REQUIREMENTS' fields in the 'Required context template' within
SKILL.md. - Boundary markers: The template uses simple text headers (e.g.,
ERROR:,TASK:) which are insufficient to prevent an adversary from escaping the field and injecting instructions. - Capability inventory: While the orchestrator itself is restricted from writing files, the roles it manages (Implementer, Test Writer, File Updater) possess
WriteandEditcapabilities on the filesystem. - Sanitization: The skill does not prescribe any escaping, filtering, or validation for the external content interpolated into the delegation templates.
- [External Downloads] (LOW): The 'Dependencies' section recommends using
npx skills addto install skills fromjwilger/agent-skills, which is not an organization or repository on the trusted sources list.
Audit Metadata