cook-auto-parallel
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill interpolates user-provided $ARGUMENTS into a block. Malicious input could attempt to break out of these tags to issue unauthorized commands to the sub-agents.
- Indirect Prompt Injection (LOW):
- Ingestion points: User input enters through the $ARGUMENTS variable in SKILL.md and is propagated through 'plan.md' and subsequent phase files.
- Boundary markers: The skill uses tags as delimiters, but lacks explicit instructions for sub-agents to ignore instructions contained within the user input.
- Capability inventory: The workflow triggers agents capable of file modification, code execution (fullstack-developer/tester), and repository management (git-manager).
- Sanitization: There is no evidence of input validation or sanitization of the user-provided task descriptions before they are processed.
Audit Metadata