dev-orchestrator
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill mandates the immediate execution of a complex Bash command involving tmux and python3 -c to run the orchestrator logic in the background.
- [REMOTE_CODE_EXECUTION]: The execution logic involves dynamically constructing and running a Python script that imports and executes local code from the amplihack package, which is external to the skill's definition.
- [PROMPT_INJECTION]: The skill uses extremely forceful instructions to override the agent's decision-making process, explicitly forbidding manual steps or alternative tools and mandating a single execution path.
- [PROMPT_INJECTION]: A vulnerability surface for indirect injection exists where user input is ingested via the task_description placeholder. Triple single-quote boundary markers are used but are insufficient to prevent breakout. The skill's capabilities include tmux and python3 -c execution, and no sanitization is performed on the interpolated content, allowing for arbitrary Python code execution.
Recommendations
- AI detected serious security threats
Audit Metadata