orchestrator-emergency
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external, untrusted incident data.
- Ingestion points: The skill is designed to analyze and summarize user-provided or system-generated outage reports and log data (SKILL.md).
- Boundary markers: No explicit delimiters or instructions are provided to the agent to disregard embedded commands or formatting within the incident data.
- Capability inventory: The agent is instructed to suggest using the memory-recorder tool to persist incident details to Serena memory, creating a path for long-term poisoning.
- Sanitization: There are no instructions or mechanisms for validating, escaping, or filtering the input data before it is summarized or recorded.
Audit Metadata