pipeline
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its mechanism for passing data between agent stages.
  - Ingestion points: Untrusted data is ingested through the `pipeline_context` JSON object, which aggregates outputs (e.g., `findings`, `output`) from previous stages in the pipeline.
  - Boundary markers: No explicit boundary markers or instructions to ignore nested directives are defined in the data passing protocol.
  - Capability inventory: The pipeline orchestrator can spawn new agent tasks, modify the codebase via executor agents, and execute filesystem commands.
  - Sanitization: The skill does not specify any sanitization or validation of content passed between agents.
- [COMMAND_EXECUTION]: The skill defines explicit shell commands for state management.
  - Evidence: The documentation instructs the agent to execute `rm -f .omc/state/pipeline-state.json` upon pipeline completion or cancellation to ensure a clean state.