parallel-task-spark
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection via malicious plan files.
- Ingestion points: Reads external markdown files in Step 2 to extract task descriptions and criteria.
- Boundary markers: The subagent prompt template lacks delimiters or instructions to ignore embedded commands within the [Full description] and [Acceptance Criteria] fields.
- Capability inventory: Subagents can read/edit files, run validation commands, and commit changes.
- Sanitization: No filtering or escaping is applied to content extracted from the plan files.
Audit Metadata