ziw-orchestrate
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill handles untrusted data from external sources, including issue bodies, PR comments, and CI logs, which constitutes an indirect prompt injection attack surface. It includes a specific 'Instruction Trust' section directing the agent to ignore any instructions in these data sources that attempt to override its core configuration or safety protocols. (Ingestion points:
SKILL.mdInstruction Trust section; Boundary markers:SKILL.mdInstruction Trust section; Capability inventory: tracker mutation, PR management, code merging, and worker delegation). - [COMMAND_EXECUTION]: The skill instructs the agent to implement a persistence mechanism by establishing a self-driving recurring loop. It explicitly requests the use of platform-native tools for this purpose, such as scheduling features or recurring commands (e.g.,
/loopin Claude Code), to ensure the orchestrator continues to process the delivery scope without manual re-triggering. (Evidence:references/loop-contract.md).
Audit Metadata