orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The `pre_tool_use.py` hook records all tool interactions, including their full inputs, to `logs/pre_tool_use.json`. This practice stores potentially sensitive data like API keys, secrets, or private information in plain text within the project's filesystem.
- [COMMAND_EXECUTION]: The orchestrator's command filtering logic is susceptible to bypasses. It allows any command starting with a 'safe prefix' (like `echo` or `git`), which permits an attacker or a confused agent to execute restricted write operations via command chaining or redirects (e.g., `echo 'malicious content' > config.yaml`).
- [COMMAND_EXECUTION]: The skill requires administrative-like changes to the project environment during setup, including modifying the AI agent's core configuration file (`.claude/settings.json`) and altering file execution permissions via `chmod +x`.
Audit Metadata