orthogonal
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses the 'orth skills add' command to download and install additional agent capabilities from the Orthogonal marketplace to the local environment.
- [COMMAND_EXECUTION]: All functional logic is delegated to the 'orth' CLI tool for marketplace operations and API interaction.
- [REMOTE_CODE_EXECUTION]: The skill enables interaction with remote third-party service logic via 'orth run' commands that call external APIs.
- [DATA_EXFILTRATION]: User data supplied in request bodies is transmitted to external Orthogonal infrastructure and integrated third-party services as part of its documented functionality.
- [PROMPT_INJECTION]: The skill processes untrusted data from external search results and API responses, which represents a surface for indirect prompt injection.
- Ingestion points: Output from 'orth run', 'orth skills search', and 'orth api info'.
- Boundary markers: Not present.
- Capability inventory: Shell command execution via the 'orth' CLI.
- Sanitization: Not specified in the instructions.
Audit Metadata