workflow-orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The orchestrator is designed to execute shell commands via the Bash and Task tools based on a generated and validated plan. Operational safety is maintained through mandatory verification steps for every task and deviation rules that trigger user escalation for significant architectural changes.
- [EXTERNAL_DOWNLOADS]: Reference documents provide templates for managing project dependencies and verifying service health via external network requests using tools like curl, pip, or npm. These patterns are presented as standard development practices within the orchestration workflow.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing project files and user requirements. It mitigates this risk through structured phase gates, a bounded plan-validation loop, and a requirement for human confirmation when the agent identifies deviations from the established plan.
Audit Metadata