conf-pipeline-orchestration

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill describes a workflow for 'spawning workers' to execute pipeline stages. This is presented as an architectural pattern for task delegation within an agent environment rather than an instruction to execute arbitrary or dangerous shell commands. The pattern emphasizes passing explicit input/output paths and return contracts to maintain control over the execution environment.
  • [DATA_EXFILTRATION]: The instructions mention reading and writing to specific local file paths, such as state/invariants.lock.json and pipeline-state.json, for the purpose of state management and safety checksums. There are no patterns involving hardcoded credentials, access to sensitive system directories (e.g., .ssh, .aws), or unauthorized network operations to external domains.
  • [PROMPT_INJECTION]: No attempts to bypass safety filters, extract system prompts, or override agent constraints were found. The skill actually contains 'Guardrails' and 'Invariants' designed to prevent agents from modifying their own safety logic or ignoring exploration requirements.
  • [INDIRECT_PROMPT_INJECTION]: The skill addresses the vulnerability surface where an orchestrator processes data from specialist agents. It explicitly mitigates this risk by mandating structured communication (JSON artifacts with schemas) over free-text handoffs and requiring the orchestrator to verify status/confidence fields before advancing.
    ◦ Ingestion points: The orchestrator reads artifacts (e.g., meta/status blocks) produced by worker agents from files.
    ◦ Boundary markers: The skill recommends against prose summaries and mandates structured, schema-shaped artifacts to prevent interpretation ambiguity.
    ◦ Capability inventory: File system access (reading/writing state files) and worker-spawning capabilities are described as part of the orchestration workflow.
    ◦ Sanitization: The skill implements 'Pattern 3: Aggregator' and 'Pattern 2: Structured communication contract' to reconcile conflicting outputs and verify artifact integrity before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 29, 2026, 08:16 AM
Security Audit — agent-trust-hub — conf-pipeline-orchestration