orca-per-workspace-env

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides templates for shell scripts that execute cloud provider CLI commands (e.g., vercel sandbox), manage SSH connections, and run build processes (pnpm install, pnpm run build).
  • [COMMAND_EXECUTION]: Instructs the agent to modify the user's ~/.ssh/known_hosts file using ssh-keyscan to prevent interactive prompts during SSH connection setup.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading project dependencies and cloning repositories from Git providers (e.g., GitHub) using user-provided tokens.
  • [DATA_EXPOSURE]: The skill documentation describes how to reference sensitive files such as SSH identity keys (~/.ssh/id_ed25519) in the environment configuration, though it includes explicit warnings against committing or storing secrets in state files.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process and execute scripts found within a repository (e.g., scripts/orca-vm/).
  • Ingestion points: Reads repository configuration (orca.yaml), state files, and execution transcripts from the orca CLI.
  • Boundary markers: None identified; the agent is instructed to parse and act on script outputs directly.
  • Capability inventory: Extensive shell execution capabilities, including provider CLI management, network operations via Git/SSH, and file system modifications.
  • Sanitization: Relies on the user to provide valid scripts and configuration; the agent is instructed to "fix the scripts" based on execution errors.
Audit Metadata
Risk Level: SAFE
Analyzed: Jul 1, 2026, 05:13 AM