skills/stablyai/orca/orca-cli/Gen Agent Trust Hub

orca-cli

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill acts as an ingestion point for untrusted data from external sources, making it vulnerable to indirect prompt injection attacks where content from web pages or terminal streams influences agent behavior.
      • Ingestion points: External content enters the agent context through orca snapshot (browser content), terminal read (process output), and orca console (log data).
      • Boundary markers: The skill instructions do not specify any delimiters or ignore-instructions to isolate untrusted content from systemic instructions.
      • Capability inventory: The skill provides a high level of control, including shell command injection via terminal send and worktree manipulation via worktree rm.
      • Sanitization: No sanitization or validation logic is defined for the data retrieved from the browser or terminals before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill provides high-privilege automation capabilities that increase the potential impact of an injection. The orca eval --expression command allows for arbitrary JavaScript execution within the browser context, and orca terminal create --command allows for the launching of arbitrary shell commands.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 12:24 PM