knowledge-orchestrator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Category 8: Indirect Prompt Injection] (SAFE): The skill is designed to process untrusted user requests and source documents to extract entities and relationships.
    • Ingestion points: user_request (decision_logic.md) and source_text (workflow_patterns.md).
    • Boundary markers: None explicitly defined in the provided snippets.
    • Capability inventory: String manipulation, regex-based extraction, and coordination of downstream tools.
    • Sanitization: Implements sanitize_id in integration_mappings.md to strip non-alphanumeric characters from entity IDs before using them in Mermaid diagrams, preventing syntax injection into the visualization layer.
  • [Category 4: Unverifiable Dependencies] (SAFE): Mentions a local script 'scripts/validate_workflow.py' for pattern validation and uses standard libraries like 're' and 'json'. No suspicious remote package installations or piped execution patterns (curl|bash) are present.
  • [Category 2: Data Exposure] (SAFE): References a local directory '~/.claude/skills/knowledge-orchestrator/custom_patterns/' for configuration storage. This is a standard practice for tool-specific data and does not involve accessing sensitive system files or hardcoded credentials.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:25 PM