distributed-task-orchestrator

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides multiple PowerShell and Bash script templates (e.g., in references/cli-integration.md and references/templates.md) that use Start-Job, RunspacePool, and GNU Parallel to execute system commands and launch sub-agents via the claude CLI tool.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from project files and interpolates it into prompts for sub-agents without sanitization or boundary markers.
      • Ingestion points: Project files are read in references/cli-integration.md using Get-Content and passed to the claude CLI.
      • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompt templates.
      • Capability inventory: The skill has full capability to read/write files and execute shell commands through the orchestration scripts.
      • Sanitization: No evidence of content validation or escaping is provided before data is sent to the CLI.
  • [COMMAND_EXECUTION]: The skill generates executable .ps1 and .sh scripts at runtime to initialize the orchestrator and run tasks, which is a form of dynamic script generation and execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 11:51 AM