task-orchestration
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a bash script (`scripts/validate-orchestration.sh`) used to verify compliance with the orchestration protocol by analyzing session transcripts. The script employs safe practices, including variable quoting and the use of the `--` delimiter to protect against command-line argument injection when processing input files.
- [PROMPT_INJECTION]: The skill defines an orchestration layer that ingests external data from user requests and agent reports, creating a surface for potential indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context through user feature requests and completion reports from subordinate agents as described in `SKILL.md`.
  - Boundary markers: While the protocol uses Markdown headers and structured YAML blocks to separate instructions from data, it does not implement explicit markers or instructions to disregard potential commands embedded within user inputs.
  - Capability inventory: The orchestrator manages the spawning and coordination of up to 6 concurrent agent chains and invokes a local shell script for transcript validation.
  - Sanitization: No explicit sanitization, escaping, or validation of user-provided text is performed prior to its inclusion in downstream agent prompts.
Audit Metadata