conductor
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, NO_CODE)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill serves as a 'Conductor' that orchestrates specialized agents with high-privilege capabilities based on untrusted user input. This creates a high-risk surface for indirect prompt injection.
  - Ingestion points: User requests are ingested in the workflow (Step 1: Clarifier, Step 2: Analyser) and the 'Exemple d'Exécution' section.
  - Boundary markers: There are no markers or delimiters defined to separate user-provided data from the instructions sent to specialized agents (such as @developer or @security-hardener).
  - Capability inventory: The skill manages agents capable of code implementation, architecture design, and security hardening across all identified tasks.
  - Sanitization: No input validation or sanitization logic is present to filter malicious instructions within user requests.
- NO_CODE (SAFE): The skill consists exclusively of markdown instructions and does not include any executable scripts, binaries, or configuration files that could hide malware or remote code execution logic.
Recommendations
- AI detected serious security threats
Audit Metadata