orca-onboard
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches configuration and project resources from the author's official GitHub repository (github.com/rheinmir/setup).
- [REMOTE_CODE_EXECUTION]: Executes a shell script (install-harness.sh) downloaded from the author's repository during the setup phase to bootstrap the local environment.
- [COMMAND_EXECUTION]: Performs extensive system operations including git history extraction, codebase scanning, and inline Python script execution.
- [COMMAND_EXECUTION]: Launches a local web server (npx serve) to host the generated onboarding documentation on port 8765.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection. Ingestion points: local project files tracked via git. Boundary markers: absent in prompt templates. Capability inventory: bash and python execution, opencode dispatch. Sanitization: absent.
Audit Metadata