agent-orchestrator-parallel-coding
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the agent-orchestrator CLI and core packages from the NPM registry and GitHub repositories.
- [REMOTE_CODE_EXECUTION]: Executes a setup script from a cloned repository as part of the source installation process.
- [COMMAND_EXECUTION]: Instructs the user to modify shell configuration files (e.g., .zshrc) to enable command completion and environment setup.
- [COMMAND_EXECUTION]: Utilizes system-level tools such as tmux and package managers with elevated privileges (sudo) for installation and session management.
- [PROMPT_INJECTION]: Contains an indirect prompt injection surface via the automated reactions feature.
  - Ingestion points: Processes external data such as CI failure logs (errors) and GitHub pull request comments (comments) within SKILL.md.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the examples.
  - Capability inventory: The system can execute shell commands, manage git worktrees, and perform network operations via notifier plugins.
  - Sanitization: No explicit sanitization of external log data or review comments is documented.
- [CREDENTIALS_UNSAFE]: Documents the requirement for sensitive environment variables to facilitate API authentication for AI models and source control providers.
- [DATA_EXFILTRATION]: Provides configuration options to transmit session status and notifications to external third-party services like Telegram, Slack, and Discord.