agency-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard shell commands (
ls,cat,grep,echo) for workflow orchestration and state management. These operations are restricted to project-specific directories likeproject-specs/andproject-tasks/. - [EXTERNAL_DOWNLOADS]: No external script downloads, remote package installations, or 'curl | bash' patterns were identified. All operations are local or involve spawning internal specialist agents.
- [DATA_EXFILTRATION]: There are no network operations or external API calls detected. Data processing is confined to the local project environment.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets, API keys, or access to sensitive configuration files (e.g., .ssh, .aws) were found.
- [PROMPT_INJECTION]: The skill uses natural instructional language to define its persona and workflow. It does not attempt to bypass safety filters or override core agent instructions.
- [REMOTE_CODE_EXECUTION]: The skill manages tasks and spawns other agents but does not execute dynamically generated or untrusted remote code.
Audit Metadata