Skills
skills/xkayo32/agent-memory-orchestrator/memory-orchestrator/Gen Agent Trust Hub

memory-orchestrator

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs dynamic loading of sub-skills using variable-dependent paths: .github/skills/{role}/SKILL.md. This pattern introduces a risk of path traversal if the {role} variable, generated during the automated task_plan phase, is manipulated to point to unintended local files.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its reliance on external data sources for task planning and context building.
  • Ingestion points: Untrusted data enters the agent context through memory_get_context(project_id, task_description) and git_get_changes(project_id).
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat data from git history or long-term memory as untrusted content.
  • Capability inventory: The orchestrator has the authority to load secondary skills, execute git commands (git_sync), and commit information to memory.
  • Sanitization: The skill lacks mechanisms to sanitize or validate the content of the project context or git changes before using them to influence the planning and execution phases.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 26, 2026, 10:07 AM