orchestrate-research
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to perform project reconnaissance, such as listing files in `.agents/skill-artifacts` and checking for the presence of specific directories (`research`, `brand`, `architecture`).
- [COMMAND_EXECUTION]: It uses `git log` to retrieve the most recent repository history to provide context for its routing decisions.
- [COMMAND_EXECUTION]: The skill invokes a local synchronization script using the `bun` runtime (`manifest-sync.ts`) to ensure the project manifest is up to date.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it reads user-generated research artifacts to determine the current state of the pipeline.
  - Ingestion points: Reads files from `research/` and `.agents/`, including `product-context.md` and `icp-research.md`.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands were found in the file-reading logic.
  - Capability inventory: The skill has access to command execution (`Bash`) and directory traversal tools.
  - Sanitization: Content from the ingested files is used to build an internal state map without explicit sanitization or validation of the text content.
- [COMMAND_EXECUTION]: Employs the dynamic context injection syntax (`!` followed by backticks) to execute shell commands at load time for environment discovery. The commands used (e.g., `find`, `git log`) are benign and serve the skill's primary purpose of orchestration.
Audit Metadata