Skills
skills/yonatangross/orchestkit/implement/Gen Agent Trust Hub

implement

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): Detected a potential surface for Indirect Prompt Injection (Category 8). The skill ingests untrusted data from both the user query and the existing codebase and interpolates it into prompts for parallel sub-agents without sufficient sanitization or boundary markers.
  • Ingestion points: User input ([feature-description]) and codebase content (retrieved via Read, Grep, Glob, and mcp__context7__query_docs).
  • Boundary markers: No explicit delimiters (like XML tags or 'ignore instructions' warnings) are used when passing context to sub-agents in references/agent-teams-phases.md or references/agent-teams-security-audit.md.
  • Capability inventory: The sub-agents are granted high-privilege tools including Bash, Write, Edit, and TaskCreate.
  • Sanitization: No evidence of sanitization or escaping of variables like {feature} or {feature-slug} before they are interpolated into sub-agent prompts or Bash commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 12:26 PM