parallel-agents

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill defines patterns for ingesting untrusted external data (web fetch, file reads) and processing it with powerful agents like @agent with full access.
      1. Ingestion points: SKILL.md Pattern 3 (web fetch, file read).
      2. Boundary markers: Absent in skill documentation.
      3. Capability inventory: @agent (Full access) and #edit (Write) agents are listed.
      4. Sanitization: No sanitization or validation steps are described for external content.
  • [External Downloads] (LOW): References GitHub Copilot integration via MCP tools. GitHub is categorized as a trusted source, downgrading this finding from MEDIUM to LOW per [TRUST-SCOPE-RULE].
  • [No Code] (SAFE): The skill consists of instructional markdown and does not include any scripts, binaries, or automated installation commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:39 PM