conductor-orchestrator

Warn

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions that override standard human-in-the-loop safety protocols. Phrases such as 'NEVER ask user' and 'Resolve autonomously' are used to establish a fully autonomous operating mode, allowing the agent to bypass user oversight for high-impact decisions.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because user-provided goals are interpolated into agent prompts without sanitization.
      1. Ingestion points: User input enters via the /go command in SKILL.md.
      2. Boundary markers: No delimiters or warnings are used in analysis or planning prompts.
      3. Capability inventory: The skill can perform file system writes, execute CLI tools, and spawn specialized agents.
      4. Sanitization: No input validation or escaping is applied to the user goal.
  • [COMMAND_EXECUTION]: The skill executes the 'claude' CLI tool using string interpolation for board deliberations. This pattern represents a potential command execution vector that could be exploited if malicious input is successfully injected into the workflow.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 6, 2026, 05:54 PM
Security Audit — agent-trust-hub — conductor-orchestrator