workflow-orchestrator

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Categories flagged: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns or security threats were identified. The skill's primary function is to coordinate other local skills based on milestone detection and configuration files.
  • [COMMAND_EXECUTION]: The skill uses Bash and Grep for legitimate purposes, such as verifying the existence of files and searching for completion markers in task plans. These operations are restricted to the local project directory and are used solely for status monitoring.
  • [PROMPT_INJECTION]: The skill ingests data from local project files (e.g., PRD documents and skill configurations) to determine workflow transitions. This creates a surface for indirect prompt injection, though the impact is assessed as safe because the skill primarily triggers pre-defined local skills.
    • Ingestion points: docs/{scope}-prd-task-plan.md and skills/auto-trigger/SKILL.md.
    • Boundary markers: No explicit delimiters or instructions to ignore embedded content are defined for the files being read.
    • Capability inventory: The skill has access to Bash, Write, Edit, and the ability to trigger other agent skills.
    • Sanitization: No evidence of validation or sanitization of the content read from files before it is used for workflow decisions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 02:59 PM