agent-loop-orchestrator
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The orchestrator is susceptible to indirect prompt injection as it is designed to ingest and act upon data from untrusted external sources.
- Ingestion points: The triage phase in
SKILL.mdidentifies open issues, PRs, and CI failures for autonomous processing. - Boundary markers: The skill does not define specific delimiters or instructions to prevent the agent from obeying malicious prompts embedded within the repository data it scans.
- Capability inventory: The orchestrator dispatches work to threads capable of performing git operations, merging PRs, and running reviews as described in the Dispatch Phase.
- Sanitization: No sanitization or content validation is specified for the external data before it is handed off to agent threads for execution.
Audit Metadata