skills/yonatangross/orchestkit/doctor/Gen Agent Trust Hub

doctor

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses sensitive configuration files including '.mcp.json', '.claude/settings.json', and '.env' (implied) to validate setup and credential presence (e.g., TAVILY_API_KEY). These operations are restricted to local diagnostics as part of the skill's primary 'doctor' purpose and no data exfiltration was detected.
  • [COMMAND_EXECUTION]: The skill utilizes several Bash scripts ('check-mcp-pinning.sh', 'check-plugin-health.sh') to validate system state. These scripts use local Python 3 processes for JSON parsing of configuration data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from external 'SKILL.md' and agent manifest files during its validation process.
  • Ingestion points: The skill reads files in 'src/skills/', 'src/agents/', and 'manifests/' via the 'Read', 'Grep', and 'Glob' tools.
  • Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are present when processing these files.
  • Capability inventory: The agent has access to 'Bash', 'Write', 'Edit', 'MultiEdit', and 'AskUserQuestion' tools, which could be exploited if a malicious instruction is processed.
  • Sanitization: No sanitization or validation of the natural language content within the ingested markdown files is performed before they are processed by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing 'portless' via npm and references 'agent-browser' from Vercel Labs. These are well-known technology services and are documented neutrally.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 10:18 PM
Security Audit — agent-trust-hub — doctor