meta-cognition-parallel
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill exhibits a surface for indirect prompt injection (Category 8) due to its core logic of delegating tasks to sub-tasks.
- Ingestion points: Untrusted user questions and code snippets are ingested via the
$ARGUMENTSvariable. - Boundary markers: The skill uses simple Markdown headers (e.g.,
## User Query) to separate system instructions from user data, which can be bypassed by adversarial input. - Capability inventory: The skill has the capability to read local files (
layer1-analyzer.md, etc.) and spawn sub-agents (subagent_type: 'general-purpose'). - Sanitization: There is no evidence of input validation, sanitization, or escaping of the
$ARGUMENTSbefore they are interpolated into the sub-agent prompts. - Data Exposure (SAFE): The skill reads analyzer files from relative paths (
../../agents/). While this is a form of local file access, the paths are hardcoded and point to expected configuration components of the multi-agent system, representing no unintended data exposure.
Audit Metadata