dispatching-parallel-agents
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill defines an 'Agent Prompt Structure' that creates a significant vulnerability surface by encouraging sub-agents to process external content while possessing write capabilities.
  - Ingestion points: In 'Agent Prompt Structure' and 'Real Example' sections, users are instructed to 'Paste the error messages and test names' and 'Read the test file' into sub-agent contexts (SKILL.md).
  - Boundary markers: Absent. The provided prompt templates do not use delimiters (e.g., XML tags or triple backticks with clear labels) or explicit instructions to ignore embedded commands within the ingested data.
  - Capability inventory: Sub-agents are granted broad permissions to 'Fix the 3 failing tests' and 'Adjusting test expectations', which translates to file-write operations on the codebase and the execution of test runners.
  - Sanitization: Absent. There is no guidance for the agent to filter, escape, or validate the content of error logs or source files before they are interpreted as instructions by the sub-agents.
Recommendations
- AI detected serious security threats