parallel-task
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the lack of sanitization when processing external markdown plan files.
  - Ingestion points: The skill parses user-provided plan files (e.g., plan.md) in Step 2 to extract task names, descriptions, and acceptance criteria.
  - Boundary markers: The Task Prompt Template in SKILL.md does not use delimiters or explicit instructions to ignore commands or overrides embedded within the task descriptions.
  - Capability inventory: Subagents launched by this skill are granted the ability to read, edit, and commit files to a Git repository as specified in the subagent instructions in Step 3.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the plan file content before it is interpolated into the prompts for the subagents.