Workflow Orchestrator

Pass

Audited by VirusTotal on May 15, 2026.

Findings (1)

The `SKILL.md` documentation explicitly instructs the AI agent that it supports variable substitution for environment variables using `{env.VAR_NAME}`. This constitutes a prompt injection vulnerability, as it could lead the agent to access and potentially expose sensitive environment variables. While the `orchestrator.py` script attempts to mitigate this by explicitly blocking `env.` variable access during its own substitution process, the instruction in the markdown itself is a high-risk signal for an AI agent that interprets these instructions. Additionally, the skill's core functionality involves executing arbitrary shell commands defined in workflows, which, despite `_validate_command` and `shell=False` protections, always carries inherent risk if the validation is bypassed or incomplete.