orchestrate
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted user input to determine orchestration logic and subagent routing.
- Ingestion points: User-provided task descriptions are ingested as arguments or derived from the conversation context (SKILL.md).
- Boundary markers: The instructions lack explicit delimiters or 'ignore' warnings to prevent user input from overriding the orchestration sequence.
- Capability inventory: The skill can invoke multiple functional tools (e.g., '/dh:add-new-feature') and delegate tasks to specialized subagents like 'python-cli-architect' or 'code-reviewer' (SKILL.md).
- Sanitization: No validation or sanitization of the input task description is documented before it influences tool calls and delegation chains.
Audit Metadata