agent-orchestration-planner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (finding category: PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (LOW): The skill demonstrates patterns for building agent prompts that are susceptible to Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted data enters the prompt via the `query` variable in `select_tools` and the `state.get_context()` method in `build_planning_prompt` (SKILL.md).
  - Boundary markers: Absent. The code uses simple f-string interpolation (e.g., `Given this query: "{query}"`) without delimiters such as XML tags or triple quotes to separate instructions from data.
  - Capability inventory: The orchestration logic handles high-privilege tools including `query_database`, `call_api`, and `search_web` (SKILL.md).
  - Sanitization: Absent. There is no escaping or validation of the user-provided strings before they are sent to the LLM.
- DATA_EXFILTRATION (SAFE): No evidence of hardcoded credentials or unauthorized network operations. The defined network/database tools are conceptual and part of the stated orchestration purpose.
Audit Metadata