conductor-pattern

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill's primary functionality is driven by a suite of local bash scripts (scripts/conductor.sh, scripts/pipeline.sh, scripts/conductor-pr.sh). These scripts automate complex tasks including git worktree creation, tmux session management, and the invocation of multiple AI agent CLIs (Claude, Codex, Gemini).
  • DATA_EXFILTRATION (LOW): The orchestration logic automatically copies .env files and other configuration secrets from the root directory into individual agent worktrees (trees/feat-*). Replicating secrets into multiple subdirectories increases the risk of accidental exposure or leakage if these directories are not properly ignored or secured.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection. Ingestion points: Agents read the repository source code to implement features. Boundary markers: Documentation does not specify delimiters or 'ignore' instructions for embedded data. Capability inventory: Scripts execute shell commands, write files, and create PRs via the GitHub CLI. Sanitization: No mention of sanitizing or escaping content before it is processed by the agents.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 20, 2026, 09:32 AM