subtask-orchestration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The orchestration logic relies on a main agent reading data directly from task descriptions modified by subtask agents, which is an untrusted data source.
  - Ingestion points: The `get_task` tool retrieves the `description` field in the polling loop defined in `SKILL.md`.
  - Boundary markers: Absent. Instructions are appended via simple string concatenation and the agent checks for status using string matching (e.g., `## Status` in `result.description`) without delimiters.
  - Capability inventory: The skill invokes `create_task`, `update_task`, and `start_workspace_session`, which can manage and execute logic across multiple repositories.
  - Sanitization: No sanitization or escaping of the subtask-provided results is performed before the main agent processes the input.
Audit Metadata