parallel-coordinator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to analyze and decompose user-provided requests into discrete tasks, creating a vulnerability surface for indirect prompt injection. 1. Ingestion points: User requests are parsed and analyzed in Phase 1 (SKILL.md). 2. Boundary markers: The instructions lack explicit markers or delimiters to prevent the agent from obeying instructions embedded within the user data. 3. Capability inventory: The skill utilizes powerful tools including WebSearch, WebFetch, Glob, Read, and TaskCreate. 4. Sanitization: No input validation or sanitization logic is described to handle malicious task definitions.
- [NO_CODE]: The skill is comprised solely of markdown documentation and instructional guides. It does not include any Python, JavaScript, or shell scripts, nor does it define any executable environment configurations, which limits the risk of direct command injection or local code execution.
Audit Metadata