co-design
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to indirect prompt injection.
  - Ingestion points: Reads task data from external plan markdown files.
  - Capability inventory: Subagents launched via 'claude -p' have access to the 'Bash', 'WebFetch', and 'Write' tools.
  - Sanitization: None. Task content is directly interpolated into the subagent prompt.
  - Boundary markers: None.
- COMMAND_EXECUTION (HIGH): The skill executes dynamic shell commands.
  - Evidence: Launches background 'claude -p' processes using shell heredocs and tracks their PIDs.
  - Risk: Enables execution of untrusted instructions via high-privilege CLI tools.
Recommendations
- AI detected serious security threats