dag-executor
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill uses the Bash tool to execute local TypeScript files (npx tsx) which drive the orchestration logic. Evidence: npx tsx src/dag/demos/decompose-and-execute.ts.
- REMOTE_CODE_EXECUTION (MEDIUM): The skill dynamically generates and executes Task calls (subagents) based on the output of runtime scripts. This creates a chain where local code execution controls the spawning of further remote agent instances.
- PROMPT_INJECTION (LOW): High vulnerability to Indirect Prompt Injection (Category 8). Evidence:
  1. Ingestion Point: Processes 'arbitrary natural language tasks' from users.
  2. Boundary Markers: Absent in the example Task tool prompts.
  3. Capability Inventory: Subagents have access to Bash, Write, and Edit tools.
  4. Sanitization: No explicit validation or escaping of user input before it is decomposed into subagent instructions.