agent-orchestrator-task
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest 'complex objectives' (untrusted data) and decompose them into subtasks for downstream agents.
- Ingestion points: Objective descriptions provided via user prompts (e.g., 'Complex Feature Development' examples).
- Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within the processed objectives.
- Capability inventory: The orchestrator controls 'GitHub Agents' (file-write/version control) and 'SPARC Agents' (methodology execution), providing a high-privilege execution path for malicious instructions hidden in objectives.
- Sanitization: Absent. No evidence of validation or filtering for the instructions passed to downstream agents.
- Command Execution (LOW): The `pre` and `post` hooks in the YAML frontmatter execute shell commands.
- Evidence: `SKILL.md` contains `echo`, `memory_store`, and `memory_search` commands in the lifecycle hooks. While these appear intended for local state management, they demonstrate the capability to execute shell-level operations based on orchestration events.
Recommendations
- AI detected serious security threats
Audit Metadata