workflow-orchestrator
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is a well-documented tool for managing AI-driven development loops (Ralph loops) and provides security-conscious patterns such as verification and planning.
- [COMMAND_EXECUTION]: Local utility bash scripts (
analyze-task.sh,generate-workflow.sh,list-patterns.sh) are provided for analysis and configuration tasks. These scripts are transparent and restricted to project-local operations. - [EXTERNAL_DOWNLOADS]: While the skill's documentation mentions external integrations and the use of network tools like
webfetch, no hardcoded or unauthorized remote code downloads or execution patterns were identified. - [DATA_EXFILTRATION]: No evidence of credential harvesting or unauthorized data transmission was found. Telemetry and monitoring documentation are focused on local services and dashboards.
Audit Metadata