idea-factory-orchestrator
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: The skill is composed entirely of markdown documentation and agent instructions. It does not contain binary files, scripts, or any form of executable code that could pose a direct risk to the host system.
- [NO_CODE]: There are no source code files (Python, JavaScript, Shell) included in the skill. The logic is implemented through high-quality prompts and structured workflow definitions.
- [PROMPT_INJECTION]: The skill maintains an indirect prompt injection surface as it is designed to read and analyze third-party codebases during its execution flow.
  - Ingestion points: `agents/01-project-analyzer.md` uses `Read`, `Glob`, and `Grep` tools to ingest content from the project directory being analyzed.
  - Boundary markers: The prompts do not specify explicit delimiters or instructions to ignore potential commands embedded within the analyzed project files.
  - Capability inventory: The pipeline agents have high capabilities, including the ability to trigger sub-tasks (`Task`) and perform file writes (`Write`) to produce documentation.
  - Sanitization: No sanitization logic is described to filter out or neutralize instructions found in the analyzed codebase before they are passed to subsequent agents in the pipeline.
Audit Metadata