autonomous-orchestrator
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly instructs the agent to use `sudo` for tasks that require elevated privileges in `AGENTS.md` under the 'Workflow and command execution' section.
- [COMMAND_EXECUTION]: Implements a 'blanket approval' policy for user-owned repositories, allowing the agent to approve its own plans and perform state-changing operations without explicit human confirmation.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation and execution of several external tools from the `metyatech` namespace, including `@metyatech/task-tracker`, `@metyatech/thread-inbox`, `@metyatech/ai-quota`, and `compose-agentsmd`.
- [EXTERNAL_DOWNLOADS]: The skill's ruleset configuration in `agent-ruleset.json` targets a remote repository `github:metyatech/agent-rules@HEAD` for dynamic rule composition.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it autonomously scans untrusted external sources like GitHub issues, PR comments, and package registries during its discovery loop.
  - Ingestion points: GitHub issues, PR reviews, notifications, and dependabot alerts (identified in `SKILL.md`).
  - Boundary markers: None identified in the work discovery or processing logic.
  - Capability inventory: Extensive capabilities including file modification, `sudo` command execution, and multi-agent delegation (identified in `SKILL.md` and `AGENTS.md`).
  - Sanitization: No specific sanitization or escaping procedures are defined for data ingested from external sources.
Audit Metadata