improvement-orchestrator
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The main orchestrator script (scripts/orchestrate.py) executes other Python scripts within the project environment using subprocess.run to manage the improvement pipeline. These commands are constructed as lists of arguments and do not use a shell environment, which is a secure practice that prevents command injection.- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) as it ingests untrusted data from feedback files (via the --source argument in scripts/orchestrate.py) to drive automated skill modifications. This attack surface includes data ingestion points, a lack of explicit boundary markers for external content, and the capability to modify files through the pipeline's executor stage. The risk is mitigated by guardrails that only allow automated application of low-risk documentation changes while requiring review for more sensitive modifications.
Audit Metadata