agent-skill-orchestrator
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it parses untrusted user input to generate execution plans. A sophisticated request could attempt to influence the plan to include unauthorized actions.
- Ingestion points: The user task description is parsed in Step 1 of the SKILL.md workflow.
- Boundary markers: No specific delimiters or safety instructions are used to wrap the input during the planning phase.
- Capability inventory: High surface area; the skill is designed to invoke any available skill, agent, or MCP tool discovered on the platform.
- Sanitization: No content filtering or validation is described for the input task.
- Contextual Note: This is considered a safe finding because the skill's core architecture requires the plan to be presented to and approved by the user via Step 5 before any tools are invoked.
- [SAFE]: The skill follows security best practices for orchestration by implementing mandatory resource discovery and a robust user-approval workflow.
- Discovery First: The skill enforces the use of agent-skill-discovery to verify available tools before planning.
- Human-in-the-Loop: The implementation of AskUserQuestion for plan approval ensures that the agent cannot perform actions autonomously, serving as a primary guardrail against unintended behavior.
Audit Metadata