Skills
skills/seabbs/skills/org-orchestrate/Gen Agent Trust Hub

org-orchestrate

Fail

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Establishes system persistence and scheduled background execution.
  • Evidence: Modifies the user's crontab and creates/loads macOS launchd plist files in ~/Library/LaunchAgents/ to run automation scripts periodically.
  • [COMMAND_EXECUTION]: Encourages the bypass of built-in security controls.
  • Evidence: Explicitly prompts the user to consider using the --dangerously-skip-permissions flag for unattended runs, which removes human-in-the-loop approval for sensitive operations.
  • [COMMAND_EXECUTION]: Performs dynamic script generation and runtime execution.
  • Evidence: Generates, verifies, and executes helper scripts within ~/.claude/scripts/ and creates project-specific Taskfile.yml configurations.
  • [EXTERNAL_DOWNLOADS]: Fetches external code from GitHub.
  • Evidence: Uses the gh repo clone command to download entire repositories from specified organizations to the local filesystem.
  • [PROMPT_INJECTION]: Contains instructions to override default agent behavior.
  • Evidence: Includes a directive to "automatically exit" after completing phases if run as a standalone request.
  • [COMMAND_EXECUTION]: Potential for indirect prompt injection via external data.
  • Ingestion points: Reads CLAUDE.md files from potentially untrusted cloned repositories.
  • Boundary markers: None identified.
  • Capability inventory: Can write files, modify cron/launchd, and execute arbitrary shell commands via generated scripts.
  • Sanitization: None identified for the content read from CLAUDE.md before processing logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 8, 2026, 07:16 AM