acceptance-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted issue descriptions while possessing capabilities to modify code and deploy applications. \n
- Ingestion points: The skill accepts 'issue id or issue body' as external input in SKILL.md. \n
- Boundary markers: Absent; there are no specific delimiters or instructions defined to prevent the agent from following instructions embedded in the issue data. \n
- Capability inventory: The workflow involves code implementation ('closed-loop-delivery'), git management ('git-ship'), and deployment ('deploy-dev') as referenced in SKILL.md. \n
- Sanitization: Absent; no input validation or sanitization mechanisms are described for the external intake data. \n- [COMMAND_EXECUTION]: The skill orchestrates tasks that involve git operations and environment-specific deployments, although it explicitly requires human gates for destructive operations and security posture changes.
Audit Metadata