orchestrate
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill acts as an orchestration layer that ingests external project data (e.g.,
project_state.json,STATUS.md,PROJECT.md) to determine next steps. This ingestion of untrusted data while having access to tools likeBashand file writing represents a surface for indirect prompt injection. - Ingestion points:
project_state.json,STATUS.md,CLAIMS.md,REVIEW_LOG.md, and user-provided medical data files (CSV/Excel). - Boundary markers: Delimiters for untrusted data are not explicitly enforced in the orchestration logic itself, though the skill routes to specialized tools.
- Capability inventory: Access to
Bash,Write,Edit, and local scripts (scripts/validate_skill_contracts.py). - Sanitization: The skill implements a 'PHI Safety Gate' to ensure clinical identifiers are removed before further processing, which serves as a pre-processing validation layer.
- [SAFE]: The skill contains an explicit 'PHI Safety Gate' (Dialogue Node N6) that requires human confirmation or a de-identification step before any sensitive medical data is processed by LLM-based tools, effectively mitigating data exposure risks.
- [SAFE]: A 'Tier-3 Worker Guard' is implemented to restrict high-risk autonomous operations (e.g., sending emails, external code pushes, or publishing to repositories) during end-to-end runs, ensuring human oversight for external communication.
Audit Metadata