orchestrate
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs extensive local system operations using the 'sugar' CLI and standard shell commands. This includes creating git worktrees, managing workspaces in temporary directories, and manipulating project configuration files.
- [COMMAND_EXECUTION]: The orchestrator dynamically generates and executes bash scripts ('ralph-loop.sh') at runtime within isolated workspaces. While this is the core mechanism of the skill's parallel execution model, executing generated code from temporary paths is a significant capability.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes arbitrary user input through the '$ARGUMENTS' variable.
  - Ingestion points: User-supplied task descriptions enter the context in Phase 1 (Planning) and Phase 3 (Implementation).
  - Boundary markers: The skill uses prompt reinforcement, instructing the agent to restate the task and phase goal at decision boundaries.
  - Capability inventory: The skill has significant local execution capabilities, including git operations and the ability to run generated scripts.
  - Sanitization: There is no evidence of input validation or sanitization before the task description is incorporated into generated 'CLAUDE.md' (subagent instructions) and 'prd.json' (story definitions) files.
Audit Metadata