skills/luizhcrocha/skills/orchestrate/Gen Agent Trust Hub

orchestrate

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill implements a robust 'human-in-the-loop' pattern. Step 4 explicitly requires the agent to show the user the planned tasks and partitioning logic, and wait for confirmation before spawning any subagents.
  • [SAFE]: Security is enhanced by the 'Partition to avoid conflicts' logic in Step 2, which ensures that subagents are restricted to disjoint sets of files, minimizing the risk of unauthorized file modifications outside the intended scope.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by gathering tasks from external sources such as PRDs and issue lists.
    • Ingestion points: The active TaskList, external plans, PRDs, and issue lists.
    • Boundary markers: The skill defines file-level ownership for workers but does not include explicit instructions to ignore commands within the task data.
    • Capability inventory: Spawned subagents inherit tool access, including file system and codebase modification tools.
    • Sanitization: No explicit sanitization of task content is performed, though user validation provides oversight.
  • [COMMAND_EXECUTION]: The skill references environment variables (e.g., CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1) and platform-specific commands (e.g., /effort ultracode) to enable advanced orchestration features within the agent environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 18, 2026, 03:35 PM