go
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted data to drive its orchestration logic.\n
- Ingestion points: Execution plans are extracted from previous conversational messages, and additional context is provided via the
$ARGUMENTSvariable in theSKILL.mdfile.\n - Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within the extracted plan or arguments when passing them to subagents.\n
- Capability inventory: The skill uses the
spawn_agenttool to create and instruct subagents based on the processed input.\n - Sanitization: No input validation, escaping, or sanitization mechanisms are implemented for the data retrieved from conversation history.
Audit Metadata