orthogonal

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses the 'orth skills add' command to download and install additional agent capabilities from the Orthogonal marketplace to the local environment.
  • [COMMAND_EXECUTION]: All functional logic is delegated to the 'orth' CLI tool for marketplace operations and API interaction.
  • [REMOTE_CODE_EXECUTION]: The skill enables interaction with remote third-party service logic via 'orth run' commands that call external APIs.
  • [DATA_EXFILTRATION]: User data supplied in request bodies is transmitted to external Orthogonal infrastructure and integrated third-party services as part of its documented functionality.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external search results and API responses, which represents a surface for indirect prompt injection.
  • Ingestion points: Output from 'orth run', 'orth skills search', and 'orth api info'.
  • Boundary markers: Not present.
  • Capability inventory: Shell command execution via the 'orth' CLI.
  • Sanitization: Not specified in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 01:01 AM
Security Audit — agent-trust-hub — orthogonal