doc-orchestrator

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill operates entirely within the local environment without making network calls or downloading external code. All templates and references are transparent and serve legitimate documentation purposes.
  • [COMMAND_EXECUTION]: The skill includes Python scripts (export.py, transform.py, validate.py) for lifecycle tasks such as archiving document sets and validating metadata. These scripts utilize standard libraries (shutil, pathlib, zipfile) for filesystem management. This behavior is expected and safe given the skill's primary function as a project document orchestrator.
  • [PROMPT_INJECTION]: The skill processes untrusted user input and existing documentation, creating a surface for potential indirect prompt injection.
      ◦ Ingestion points: Untrusted data enters the agent context via the requirement-parser and current-state-scanner during the analysis phase.
      ◦ Boundary markers: The system uses Markdown templates with defined variable placeholders, but does not provide specific delimiters or instructions to ignore embedded commands in the source data.
      ◦ Capability inventory: The skill possesses filesystem write capabilities used to generate documents and export project archives.
      ◦ Sanitization: Standard Python string and YAML processing is used; no specialized sanitization is performed to filter malicious instructions from user-provided project profiles.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 11:52 AM