oss-forensics-orchestration

Warn

Audited by Gen Agent Trust Hub on May 31, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs shell command execution in Phase 0 to initialize the investigation. It activates a virtual environment and runs a Python script located at .claude/skills/oss-forensics/github-evidence-kit/scripts/init_investigation.py.
  • [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection (Category 8). It is designed to ingest and process data from public, attacker-controllable sources such as GitHub commits, PRs, and the Wayback Machine. This untrusted data is used to drive the 'Hypothesis Formation Loop' (Phase 3) and 'Hypothesis Validation Loop' (Phase 5). Malicious instructions embedded in the forensic evidence could potentially influence the orchestrator's decision-making or the prompts sent to subsequent agents.
  • [COMMAND_EXECUTION]: In Phase 3, the orchestrator dynamically determines which agent to spawn based on content extracted from files (evidence-request-*.md) created during the analysis process. This dynamic task invocation relies on data parsed from previous investigative steps, which may include external input.
  • [DATA_EXFILTRATION]: While intended for investigation, the orchestrator coordinates agents that interface with external APIs (GitHub API, Wayback Machine) and retrieves data based on user-supplied or discovered URLs. The combination of shell access and network-enabled agents requires careful monitoring of the data flow.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 31, 2026, 12:32 AM
Security Audit — agent-trust-hub — oss-forensics-orchestration