parallel-execution
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Prompt Injection] (LOW): Indirect Prompt Injection Surface. The skill defines a protocol for retrieving and synthesizing data from subagent tasks which may process untrusted content. 1. Ingestion points: Step 4 (TaskOutput retrieval) and Step 5 (Synthesis) describe ingesting subagent-generated content directly into the orchestrator's reasoning context. 2. Boundary markers: Absent. The provided prompt templates and synthesis instructions do not include the use of delimiters or 'ignore' instructions to prevent the agent from obeying instructions embedded in subagent results. 3. Capability inventory: The skill relies on the 'Task' tool for background execution and 'TaskOutput' for data retrieval. 4. Sanitization: Absent. The protocol does not specify any validation or filtering of subagent outputs before they are processed for conflict resolution or prioritization.
Audit Metadata