agent-orchestrator
Audited by Socket on Mar 4, 2026
1 alert found:
Security
The orchestrator design implements a powerful meta-agent pattern that programmatically generates and runs autonomous sub-agents. This capability is useful but introduces medium-high supply-chain and exfiltration risk because generated SKILL.md files are executed without mandatory review, there are no explicit capability restrictions or sandboxing, and file-based communication exposes potentially sensitive inputs. Before use in production, enforce these mitigations: require human review or cryptographic signatures for generated SKILL.md, implement per-agent capability allowlists and sandboxing (no network or privileged subprocesses by default), restrict inbox/workspace scope and sanitize inputs to remove secrets, add network egress controls and runtime monitoring (process/network auditing), and implement audit logs and real-time alerting rather than solely checkpointed status.json checks. With these controls the pattern can be acceptable; without them the orchestrator poses a significant security risk.