workflow-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its 'Fast-Track Mode' and 'Agent Teams Mode'.
- Ingestion points: Processes external specification files provided via 'fasttrack:' or 'workflow:fasttrack' (SKILL.md), and reads configuration data from '~/.claude/teams/[team-name]/config.json' (SKILL.md).
- Boundary markers: There are no explicit delimiters or instructions to the agent to ignore embedded commands within these external data sources.
- Capability inventory: The skill has access to powerful tools including Bash, Write, Edit, Read, Grep, and Glob across all phases (SKILL.md).
- Sanitization: No sanitization or validation of the content of the external specs or config files is performed before they are used to guide agent behavior.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform state management and configuration loading, including reading from the user's home directory ('~/.claude/') and project context files.
Audit Metadata