dispatching-parallel-agents
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection attacks.
- Ingestion points: Untrusted data enters the agent context through the interpolation of [file path], [test name], and [error summary] in the Agent Prompt Template (SKILL.md).
- Boundary markers: There are no delimiters (e.g., XML tags or triple backticks) or explicit instructions used to isolate untrusted data from the subagent's system instructions.
- Capability inventory: Subagents are granted write/execute capabilities, as their primary goal is to modify code files and fix bugs based on the provided inputs.
- Sanitization: The skill lacks any mechanism for sanitizing external content, meaning an attacker-controlled test file or error message could contain instructions that hijack the subagent's task to inject malicious code or exfiltrate data.
- COMMAND_EXECUTION (LOW): The skill documentation demonstrates the use of a Task() tool call (likely Claude Code) to spawn processes. While the skill itself is instructional, the patterns it promotes involve high-authority automated tasks.
Recommendations
- AI detected serious security threats