zai-orchestrator

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation documentation suggests running npx skills add against the author's GitHub repository (github.com/tianxiao1430-jpg/zai-skills). This executes remotely fetched scripts; the pattern is documented as the vendor-specific deployment method from the official repository.
  • [PROMPT_INJECTION]: The skill's orchestration workflow processes untrusted data from web searches and external codebases, presenting an indirect prompt injection surface.
  • Ingestion points: Untrusted content enters the agent's context through the output of the zai-web-search and zread tools.
  • Boundary markers: The skill instructions lack explicit delimiters or "ignore embedded instructions" warnings to distinguish the skill's logic from retrieved external data.
  • Capability inventory: The orchestrator has the ability to call vision, search, and file-reading tools and generate implementation code based on the combined information.
  • Sanitization: No sanitization, validation, or filtering of the retrieved data is specified in the skill's operational instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 11:44 PM