orchestrator
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a system for orchestrating multiple parallel agents to process user requests and data, which creates a surface for indirect prompt injection.
  - Ingestion points: User requests and project files enter the agent context and are used to build prompts for subagents and teammates (SKILL.md).
  - Boundary markers: The instructions lack requirements for using delimiters (like XML tags or triple backticks) to separate user data from instructions in generated prompts.
  - Capability inventory: The orchestration logic employs powerful tools including TaskCreate and TeamCreate, which allow subagents to modify the file system and execute terminal commands (SKILL.md, references/patterns.md).
  - Sanitization: There is no instruction to sanitize, validate, or escape content from external files or user input before it is passed to subordinate agents.
Audit Metadata