recursive-synthesis
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's architecture creates a surface for indirect prompt injection through its multi-agent synthesis loop (Category 8).\n
- Ingestion points: User-supplied [PROBLEM_DEFINITION] and context are interpolated directly into prompts for all 14 agents involved in the synthesis process (SKILL.md and references/phase-templates.md).\n
- Boundary markers: The templates use Markdown headers for structural organization but lack explicit delimiter-based isolation or instructions to the LLM to ignore potentially malicious commands embedded in the processed inputs.\n
- Capability inventory: The agent context includes access to powerful tools such as Bash, Write, Edit, and Task (SKILL.md allowed-tools), which increases the potential impact of a successful indirect prompt injection.\n
- Sanitization: There is no evidence of input validation, filtering, or escaping for external content or intermediate agent outputs before they are processed by subsequent LLM stages.
Audit Metadata