Skills
skills/yonatangross/orchestkit/chain-patterns/Gen Agent Trust Hub

chain-patterns

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines patterns for multi-phase pipelines that ingest data from local JSON state files and external tool outputs, which is then used to drive subsequent agent actions and scheduled tasks. This architectural design creates an indirect prompt injection surface.\n
  • Ingestion points: Patterns in SKILL.md and references/checkpoint-resume.md use the Read tool to ingest data from .claude/chain/*.json.\n
  • Boundary markers: The provided guidance does not include explicit delimiters or instructions to ignore embedded commands within the ingested data.\n
  • Capability inventory: The pipeline patterns utilize powerful capabilities such as spawning background Agent instances and scheduling commands via CronCreate.\n
  • Sanitization: No sanitization or data validation logic is demonstrated in the pattern examples.\n- [COMMAND_EXECUTION]: The skill provides instructions for the persistent execution of tasks using CronCreate and parallel processing via Agent worktrees. These are documented for legitimate development monitoring and implementation tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 11:07 AM