orchestrate-subagents
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses role-play instructions ('You are now operating as an orchestrator') to modify the agent's behavior and define its operational mode.
- [PROMPT_INJECTION]: The orchestration workflow creates an attack surface for indirect prompt injection. Subagents communicate via shared files in a scratch directory (e.g., {scratch}/analysis-results.md), which could allow a subagent processing untrusted data to inject malicious instructions into the coordination chain.
  - Ingestion points: Inter-agent communication files located in {scratch}/ directories.
  - Boundary markers: None specified for the content of shared coordination files.
  - Capability inventory: Spawning subagents, reading/writing files, and executing shell commands (test/lint/typecheck).
  - Sanitization: No mention of sanitizing or validating content exchanged between agents.
- [COMMAND_EXECUTION]: The skill explicitly directs the agent to execute shell commands for project validation, specifically mentioning 'run the project's test/lint/typecheck tooling'.
Audit Metadata