Delegation
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local utility script (~/.claude/skills/Agents/Tools/ComposeAgent.ts) using bun run. This command is used to generate sub-agent identities and prompts based on user-provided traits and tasks.
- [SAFE]: The skill promotes secure execution patterns, such as the use of isolation: "worktree" for parallel agents, which prevents conflicting file modifications and ensures a clean environment for sub-tasks.
- [PROMPT_INJECTION]: The skill identifies a potential indirect prompt injection surface (Category 8) through its delegation mechanism.
  - Ingestion points: User-supplied task descriptions, traits, and prompts are used as arguments for the Task() tool and the identity composition script.
  - Boundary markers: Absent; the examples do not demonstrate the use of delimiters or 'ignore' instructions to wrap untrusted data within the delegated prompts.
  - Capability inventory: The delegated sub-agents (e.g., Engineer, Architect) typically have access to powerful tools including file system operations and shell command execution.
  - Sanitization: There is no evidence of sanitization or validation of the user input before it is interpolated into sub-agent prompts.
Audit Metadata