zoe-creator
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands like 'jq', 'cat', 'mkdir', and 'cp' to initialize workspaces and manage task JSON files.
- [COMMAND_EXECUTION]: It recommends the creation of a shell script and a corresponding cron job for periodic monitoring, which establishes a persistence mechanism for the orchestrator.
- [PROMPT_INJECTION]: The skill is designed to ingest untrusted external data (Sentry logs, meeting notes, git logs) to trigger sub-agent tasks, creating an indirect prompt injection surface.
- Ingestion points: Sentry errors, meeting notes, and git logs enter the agent context as described in Section 4.5.
- Boundary markers: None identified; the instructions do not include delimiters or warnings to ignore instructions within the ingested data.
- Capability inventory: The orchestrator can spawn agent processes and execute shell scripts via cron.
- Sanitization: No sanitization or validation of external content is specified before interpolation into prompts.
Audit Metadata