meta-cognition-parallel
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Susceptibility to indirect prompt injection through raw interpolation of user arguments into the prompts of parallel sub-agents.\n
- Ingestion points:
$ARGUMENTSare parsed in Step 1 and used in Step 2 to build sub-agent prompts.\n - Boundary markers: Minimal delimiters (a markdown header '## User Query') are used, which do not sufficiently isolate untrusted data from the instruction context.\n
- Capability inventory: The skill coordinates sub-agents; it lacks direct file-system, command execution, or network capabilities itself, which limits the potential impact of an injection.\n
- Sanitization: No sanitization or escaping of the user-provided
$ARGUMENTSis implemented.
Audit Metadata