research-coordinator

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface where untrusted data from external files can influence agent behavior.
    • Ingestion points: The skill reads content from research/**/*-subtasks.json and research/<slug>/<slug>-research-plan.md using the file system.
    • Boundary markers: Triple quotes (""") are used to delimit the subtask description in the sub-agent prompt. However, the {topic} and {full_text_of_research_plan} variables are interpolated directly into the system instructions without strong delimiters or instructions to ignore embedded commands.
    • Capability inventory: The skill has the ability to read and write files within the research/ directory and spawn multiple independent sub-agents with custom prompt templates.
    • Sanitization: There is no evidence of sanitization, filtering, or validation performed on the text extracted from the JSON or Markdown files before it is used to construct the sub-agent prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 01:28 PM