Skills
skills/reinamaccredy/maestro/orchestrator/Gen Agent Trust Hub

orchestrator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill repeatedly executes a local script toolboxes/agent-mail/agent-mail.js via the bun runtime for session management, monitoring, and messaging. While this is a local script, the execution of shell commands based on internal orchestration logic presents a risk if arguments are not properly handled.
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
  • Ingestion points: It parses plan.md files (specifically conductor/tracks/<id>/plan.md) to extract 'Track Assignments'.
  • Boundary markers: There are no specified delimiters or instructions for the agent to ignore embedded instructions within the plan files.
  • Capability inventory: The skill possesses the capability to spawn parallel sub-agents using Task(), execute shell commands via bun, and perform file system operations through worker protocols.
  • Sanitization: No sanitization or schema validation of the ingested plan.md content is described, allowing malicious instructions in a project file to influence the spawning and behavior of autonomous workers.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 03:56 AM