Trust Assessment
agent-orchestrator received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Sub-agent prompt injection via dynamic SKILL.md and task instructions.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Sub-agent prompt injection via dynamic SKILL.md and task instructions | LLM | SKILL.md:69 |

Description: The skill describes a workflow where the orchestrator dynamically generates `SKILL.md` files and task instructions (`inbox/instructions.md`) for sub-agents. It then dispatches sub-agents using a `Task` tool, passing a prompt that references these dynamically generated files. If the content used to generate `SKILL.md` or `inbox/instructions.md`, or the `agent_path`, `agent_name`, or `brief_description` variables, is derived from untrusted user input, a malicious user could inject instructions into the sub-agent's prompt, leading to prompt injection in the sub-agent.

Recommendation: Implement strict input validation and sanitization for all user-provided data used in generating sub-agent `SKILL.md` files, `inbox/instructions.md`, and variables like `agent_name`, `brief_description`, and `agent_path`. Ensure that any paths or filenames are properly escaped or restricted to safe characters. Consider using templating engines with auto-escaping for prompt generation.
Full report: https://skillshield.io/report/18ae44a16463fb3a