utility-pm-workflow-orchestrator
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill manages an indirect prompt injection surface associated with its primary function of executing tasks defined in external plan files.
- Ingestion points: Task instructions are parsed from Section 7 of foundation-prioritized-action-plan files.
- Boundary markers: Execution logic is anchored to specific Markdown headers and prompt markers defined in the shared PARSE-CONTRACT.md file.
- Capability inventory: The orchestrator has the capability to write files to the local system and initiate Bash execution through delegated sub-skills.
- Sanitization: Risk is mitigated by mandatory user confirmation (go/no-go) after every step, a dry-run capability for pre-flight validation, and a self-reference refusal policy that prevents infinite loops or recursive execution.
- [COMMAND_EXECUTION]: The skill performs a tool-capability pre-flight check to verify if the host environment supports Bash and file-writing before initiating the workflow loop.
- [EXTERNAL_DOWNLOADS]: The skill references documentation and reference repositories hosted on GitHub by the author, product-on-purpose.
Audit Metadata