cook-parallel
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill ingests untrusted user data via the $ARGUMENTS variable and uses it to direct the actions of powerful subagents.
- Ingestion points: $ARGUMENTS inside the tags in SKILL.md.
- Boundary markers: Uses XML-style tags () which provide structural delimitation but are easily bypassed by adversarial input designed to close the tag.
- Capability inventory: The workflow spawns researcher, planner, fullstack-developer, and tester subagents. These agents typically possess file-system write access and command execution capabilities.
- Sanitization: No sanitization or validation of the input tasks is performed before they are processed by the subagent chain.
- Automated Scan Alert (INFO): The scanner alert for 'login-form.com' is a false positive triggered by the example filename 'login-form.component.ts' being misidentified as a domain.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata