design
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: In
SKILL.md, the skill utilizes the@executortool to run project-internal Node.js scripts for state synchronization (orchestrator_state.js) and document graph maintenance (ensure_graph.js). These commands use static local paths and perform routine administrative tasks within the agent's environment. - [PROMPT_INJECTION]: In
SKILL.md, the skill is susceptible to indirect prompt injection due to its core function of processing external data. - Ingestion points: Reads discovery and research artifacts from the
artifacts/directory (Step 1, Step 2). - Boundary markers: No explicit delimiters are used to wrap the ingested artifact content in the instructions.
- Capability inventory: Includes file system writes, memory persistence via
@memory-controller, and local script execution via@executor(Step 4, State Machine Integration). - Sanitization: Input markdown is processed as-is without validation for embedded instructions.
- [SAFE]: The identified behaviors are integral to the skill's function as a pipeline coordinator and do not represent malicious activity.
Audit Metadata