parallel-task
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes external, potentially untrusted markdown plan files and delegates tasks to subagents based on that content.
- Ingestion points: Untrusted data enters the context when the agent reads the plan file (e.g.,
plan.md) specified in the/parallel-taskcommand. - Boundary markers: Absent. The skill extracts task descriptions, acceptance criteria, and validation steps directly from the markdown and interpolates them into the 'Task Prompt Template' without using clear delimiters or instructions to ignore instructions embedded within the plan data.
- Capability inventory: The subagents launched by this skill are explicitly instructed to examine files, implement code changes, and run validation steps, providing an attacker-controlled plan with a significant impact surface.
- Sanitization: There is no evidence of sanitization, validation, or filtering of the content extracted from the plan files before it is passed to the subagents.
Audit Metadata