workflow-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed as a security and quality-centric orchestrator, incorporating mandatory secret scanning (gitleaks) and static analysis (semgrep) into the development lifecycle.
- [COMMAND_EXECUTION]: The orchestrator uses system commands to manage git worktrees, execute security tools, and perform environment checks. This behavior is restricted to the local project context and is necessary for the skill's primary function of managing development workflows.
- [EXTERNAL_DOWNLOADS]: The skill documentation describes standard procedures for installing dependencies via npm and pip and references well-known infrastructure providers such as Vercel, Supabase, and Cloudflare. These operations are transparent and follow industry best practices for project setup.
- [PROMPT_INJECTION]: The skill monitors project code and logs for technical debt and architectural drift. While reading untrusted project data presents an indirect prompt injection surface, the risk is mitigated by the skill's intended use-case of automated quality assurance and its reliance on specific, structured detection patterns.
Audit Metadata