agent-loop-orchestrator

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The orchestrator is designed to ingest and act upon content from untrusted external sources like GitHub issues and pull requests, creating a surface for indirect prompt injection attacks.
  • Ingestion points: Triage phase in SKILL.md scans issues, pull requests, and CI failures.
  • Boundary markers: None identified; the skill does not specify the use of delimiters or instructions to prevent the agent from executing instructions embedded in the external content.
  • Capability inventory: Autonomous agent threads are granted full access to tools including browser capabilities and repository maintenance skills.
  • Sanitization: No validation or filtering mechanisms are described for the triaged data before it is passed to worker threads.
  • [COMMAND_EXECUTION]: The skill references various internal automation commands (e.g., /agent-loop:triage, /agent-loop:start) and shell utilities like sleep. These operations are consistent with the intended functionality of a persistent maintenance orchestrator.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 03:11 AM
Security Audit — agent-trust-hub — agent-loop-orchestrator