implement

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability. The skill accepts user input via the $ARGUMENTS variable and interpolates it directly into the prompt strings used to spawn subagents (e.g., in references/agent-phases.md). There are no boundary markers or instructions for the subagents to ignore instructions contained within the feature description, which could allow a malicious user to hijack the subagents' behavior.
    • Ingestion points: $ARGUMENTS in SKILL.md.
    • Boundary markers: Absent in subagent prompt templates.
    • Capability inventory: Bash, Write, Edit, CronCreate, Agent (High capability).
    • Sanitization: None identified.
  • [COMMAND_EXECUTION]: Extensive use of the Bash tool for project scaffolding, git worktree management (via scripts/worktree-setup.sh), dependency scanning, and test execution across all phases.
  • [EXTERNAL_DOWNLOADS]: The skill performs remote data retrieval using WebFetch for documentation (e.g., docs.example.com) and uses curl or wget within verification scripts to test API endpoints.
  • [DATA_EXFILTRATION]: Employs the PushNotification tool to transmit feature names and test results to an external notification service upon completion of implementation tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 11:14 AM