maestro-core
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Indirect Prompt Injection] (LOW): This skill acts as a router that maps user input (triggers like
ds,ci,fb) to agent actions (loading sub-skills via theskill()tool). This is an inherent part of its orchestration purpose. - Ingestion points: User-supplied trigger phrases and slash commands defined in the 'Quick Triggers' and 'Ownership Matrix' tables.
- Boundary markers: Absent; the skill relies on direct matching of user triggers.
- Capability inventory: Instructs the agent to invoke the
skill()tool to load relative local skill paths (e.g.,../designing/SKILL.md). - Sanitization: None specified, but the triggers are mapped to a static internal routing table.
- [Prompt Injection] (SAFE): The instructions provide guidance on workflow state and hierarchy. There are no attempts to bypass safety constraints, extract system prompts, or override agent personality.
- [Data Exposure] (SAFE): No hardcoded credentials (API keys, tokens) or sensitive file paths (e.g.,
.ssh,.env) were found in the skill definition. - [Remote Code Execution] (SAFE): No remote downloads (curl/wget), piped shell execution, or package installations are present. All referenced sub-skills are relative local paths.
Audit Metadata