skill-validate
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes an internal shell script
./scripts/orchestrate.shvia the Bash tool to coordinate debates between AI models. This is the core mechanism of the validation workflow and is restricted to the skill's own environment. - [PROMPT_INJECTION]: The workflow involves an indirect prompt injection surface as it analyzes untrusted external code. 1. Ingestion points: User-provided file paths or directories. 2. Boundary markers: Not explicitly defined in the provided instruction templates. 3. Capability inventory: Execution of local scripts and writing reports to
~/.claude-octopus/validation/. 4. Sanitization: The skill does not perform pre-processing or sanitization on the input code before evaluation.
Audit Metadata