multi-model-orchestrator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
DATA_EXFILTRATION
PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The scripts scripts/pal-status.sh and scripts/switch-model.sh contain hardcoded user-specific paths (/Users/panlingchuan/...), disclosing the developer's local username and project directory structure.
- [DATA_EXFILTRATION] (LOW): scripts/pal-status.sh reads and prints internal configuration details (such as roles and additional arguments) from local JSON files to the agent's output window.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection from the code it analyzes.
  1. Ingestion points: The skill is designed to read large amounts of source code (e.g., Swift files) and pass them into sub-agent prompts.
  2. Boundary markers: Prompt templates use natural language instructions (e.g., 'Don't provide suggestions') but lack formal delimiters or 'ignore embedded instructions' warnings for the code context.
  3. Capability inventory: Orchestrator decisions and code modifications are based on the output of agents processing the untrusted context.
  4. Sanitization: No evidence of sanitization or escaping of ingested code is present.
Audit Metadata