dispatching-parallel-agents
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill design facilitates Indirect Prompt Injection by instructing the agent to build a pipeline where untrusted data influences high-privilege actions.
- Ingestion points: The 'Common Mistakes' and 'Agent Prompt Structure' sections in `SKILL.md` explicitly direct the agent to paste error messages and test names (external data) into sub-agent prompts.
- Boundary markers: The skill mentions using 'Constraints', but these are provided as natural language instructions within the same context as the untrusted data, which is a weak defense against adversarial injections.
- Capability inventory: The sub-agents created by this pattern are given broad authority to modify production source code ('Fix bugs in abort implementation') and run code within the environment to verify fixes.
- Sanitization: The skill lacks any requirement for sanitizing, escaping, or validating the external content before it is interpolated into the prompts for the parallel agents.
Recommendations
- AI detected serious security threats
Audit Metadata