orchestrator

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted task descriptions for routing, which presents a surface for indirect prompt injection.
    • Ingestion points: Task descriptions ingested via scripts/route-task.sh arguments and activity feed logs.
    • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the classification logic.
    • Capability inventory: The skill can delegate tasks to other agents with cluster-modifying capabilities (Atlas, Flow) and perform external notifications.
    • Sanitization: Inputs are lowercased for matching but otherwise remain unvalidated.
  • [COMMAND_EXECUTION]: Executes internal bash scripts including daily-standup.sh, check-sla.sh, and route-task.sh to monitor cluster status using standard tools like kubectl and oc.
  • [DATA_EXFILTRATION]: Performs network operations via curl to PagerDuty's official API (events.pagerduty.com) for incident alerting. This reference to a well-known service is documented neutrally as a safe operational practice.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 06:08 AM