Skills
skills/codeaholicguy/ai-devkit/agent-orchestration/Gen Agent Trust Hub

agent-orchestration

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements an autonomous orchestration loop that creates a significant surface for indirect prompt injection.
  • Ingestion points: The skill uses agent detail --json (SKILL.md) to ingest conversation history from other agents into its own context.
  • Boundary markers: Absent. There are no instructions provided to treat the conversation data from other agents as untrusted or to ignore embedded instructions within that data.
  • Capability inventory: The skill can send commands to other agents (agent send), store data in memory (memory store), and execute arbitrary bash commands (referenced for sleep, but capable of more).
  • Sanitization: Absent. Data retrieved from agents is processed directly to determine the next 'ACT' phase of the loop.
  • [EXTERNAL_DOWNLOADS]: The skill instructions rely on npx ai-devkit@latest to perform its core functions. This results in the download and execution of an external package from the npm registry at runtime.
  • [COMMAND_EXECUTION]: The skill explicitly instructs the agent to use the 'Bash tool' to run sleep commands during its orchestration loop. While the documented use case is benign, this establishes a pattern of delegating orchestration timing to shell execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 10:05 PM
Security Audit — agent-trust-hub — agent-orchestration