agent-orchestrator
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/match_skills.py executes the local scan_registry.py script using subprocess.run. This is used to ensure the skill registry is synchronized before performing capability matching. The execution is limited to a known local script path and uses the current Python interpreter.
- [DATA_EXPOSURE]: scripts/scan_registry.py performs a filesystem walk to identify SKILL.md files. It extracts metadata including name, description, and tags to build a local registry. This access is restricted to the skill's root and standard agent skill paths.
- [PROMPT_INJECTION]: The skill is designed to process external skill metadata, which represents a surface for indirect prompt injection. A malicious skill file could theoretically use its description field to influence the orchestrator's ranking logic. However, the orchestrator uses yaml.safe_load() in scripts/scan_registry.py to prevent unsafe deserialization during metadata extraction.
- [SAFE]: No remote code execution, external data exfiltration, or persistence mechanisms were detected. The skill's behavior is consistent with its stated purpose of agent orchestration.
Audit Metadata