Agent Orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE [EXTERNAL_DOWNLOADS] [PROMPT_INJECTION] [NO_CODE]
Full Analysis
- [EXTERNAL_DOWNLOADS]: The metadata includes an installation command that fetches the skill instructions from a remote GitHub repository using curl.
- [PROMPT_INJECTION]: The skill defines orchestration workflows that are vulnerable to indirect prompt injection.
  - Ingestion points: The orchestrator processes user-provided task descriptions and requirements in the SKILL.md and through runtime interactions.
  - Boundary markers: The delegation templates and workflows lack explicit delimiters to separate instructions from untrusted external data.
  - Capability inventory: The agents being orchestrated have access to powerful tools, including GitHub for repository management, Supabase for database operations, and Playwright for web automation.
  - Sanitization: No validation or sanitization processes are defined for data passed between agents in the pipeline.
- [NO_CODE]: The skill is composed entirely of markdown instructions and metadata without any bundled executable scripts.
Audit Metadata