agent-orchestrator
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs agents to perform standard repository-level operations such as committing changes with git and executing validation commands (tests, lint, build, typecheck) discovered within the project's configuration files (e.g., package.json, pyproject.toml).
- [PROMPT_INJECTION]: The orchestrator is exposed to indirect prompt injection risks as it and its sub-agents ingest and process data from external repositories.
  - Ingestion points: The agent reads README files, source code, and configuration metadata during audit and implementation phases (SKILL.md steps 5, 7, and 9).
  - Boundary markers: Not explicitly defined; the skill does not require the use of delimiters or 'ignore instructions' warnings when processing untrusted content.
  - Capability inventory: Sub-agents like 'implementer' have broad capabilities including writing to the filesystem and executing shell commands.
  - Sanitization: Absent; the skill does not specify validation or filtering for external repository content.
- [EXTERNAL_DOWNLOADS]: The workflow mentions the use of tools for retrieving external content from URLs (e.g., $web-fetch-md) to support research and documentation tasks within the engineering process.
Audit Metadata