orchestrator
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it interpolates user-supplied task descriptions into agent prompts via the $ARGUMENTS variable. Evidence: 1. Ingestion points: SKILL.md (argument-hint and prompt). 2. Boundary markers: Absent. 3. Capability inventory: Bash, Task, Edit, Write, and LSP tools. 4. Sanitization: Absent. This allows potentially malicious instructions to influence the orchestration workflow.
- [COMMAND_EXECUTION]: The skill relies heavily on the Bash tool to execute local utility scripts such as .claude/scripts/glm5-teammate.sh and .claude/lib/action-report-lib.sh, as well as CLI commands like ralph.
- [DYNAMIC_EXECUTION]: The skill uses the Task tool to dynamically spawn and coordinate subagents (e.g., ralph-coder, ralph-reviewer) based on a plan it generates and stores in .claude/orchestrator-analysis.md.
Audit Metadata