orchestrating-agent-relay
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use the `agent-relay` CLI tool for operational tasks, including starting a detached broker process, spawning worker agents, and managing their lifecycle through shell commands.
- [EXTERNAL_DOWNLOADS]: The instructions guide the agent to install the `agent-relay` package from the public npm registry using standard package management commands.
- [PROMPT_INJECTION]: The skill includes an orchestrator instruction template that uses directive language to define the agent's persona and operational protocol when managing the relay infrastructure.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by instructing the orchestrator to read and process potentially untrusted text responses from worker agents via the `agent-relay replies` command.
  - Ingestion points: Worker replies are read from the `agent-relay` CLI output.
  - Boundary markers: No specific delimiters are suggested for the worker output.
  - Capability inventory: The orchestrator can spawn new agents and execute shell commands based on the content of worker replies.
  - Sanitization: No input validation or sanitization of the worker replies is described.
Audit Metadata