orchestrate-governance-step
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs dynamic command execution by invoking sub-skills based on instructions parsed from external files. In Step 5, it executes the command /skill-name [focus], where the skill name and focus arguments are derived from the output of the /plan-next tool.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it acts upon instructions found in project documentation.
  - Ingestion points: Data is ingested via the /plan-next command, which scans markdown documents in the specified docs_root (SKILL.md, Step 1).
  - Boundary markers: Absent. There are no clear delimiters or instructions to the model to treat the ingested data as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill can execute any other available skill within the agent's environment via the /skill-name format (SKILL.md, Step 5).
  - Sanitization: Absent. The skill directly uses the 'recommended skill' and 'focus' parameters extracted from the /plan-next output without validation.