skills/yonatangross/orchestkit/cover/Gen Agent Trust Hub

cover

Warn

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to perform framework discovery, execute test suites (e.g., vitest, jest, pytest), and manage containerized services via docker compose or testcontainers.
  • [COMMAND_EXECUTION]: Uses the CronCreate tool to establish a persistent "Coverage Drift Monitor" that periodically executes shell commands to track coverage regressions, which persists the agent's activity across sessions.
  • [REMOTE_CODE_EXECUTION]: Implements a PreToolUse hook that executes an external script (run-hook.mjs) through the shell, allowing for arbitrary code execution whenever the Bash tool is invoked.
  • [PROMPT_INJECTION]: The "Heal Loop" workflow (Phase 5) creates a surface for indirect prompt injection by reading potentially untrusted source code and test logs to generate fixes.
  • Ingestion points: Phase 5 reads project source code and test execution results from the file system.
  • Boundary markers: There are no defined delimiters or instructions provided to the generator agents to distinguish between the code being tested and the agent's instructions.
  • Capability inventory: The agent possesses powerful capabilities including Bash, Write, Edit, and CronCreate that could be exploited if malicious instructions are processed.
  • Sanitization: No evidence of input validation or sanitization exists for the content ingested from the project environment before it is passed to sub-agents.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 19, 2026, 02:03 AM