parallel
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by extracting task descriptions, acceptance criteria, and validation steps from markdown plan files and interpolating them directly into the instructions for subagents. If these plan files originate from an untrusted source, they could contain malicious instructions designed to hijack the subagents' behavior.
- Ingestion points: Plan files parsed during Step 1, Step 2, and Step 3 in SKILL.md.
- Boundary markers: Absent; the Task Prompt Template does not include delimiters or instructions to treat the interpolated plan content as untrusted data.
- Capability inventory: The subagents possess the ability to read and write to the local filesystem, execute terminal commands for testing, and perform git commits.
- Sanitization: No sanitization or content filtering is performed on the plan file data before it is passed to subagents.
Audit Metadata