sub-agent-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill facilitates indirect prompt injection by design. It provides templates for sub-agents to ingest untrusted data (external files, npm metadata) and act upon it with write permissions.
- Ingestion points: Content read during 'Deep audit' or 'Review' tasks specified in
rules/sub-agent-patterns.md. - Boundary markers: Absent; the provided templates do not include delimiters or instructions for sub-agents to ignore instructions embedded within the files they process.
- Capability inventory: Sub-agents are configured with
Read,Write,Edit, and potentiallyBashtools as described in the 'Tool Access Principle' section ofrules/sub-agent-patterns.md. - Sanitization: The skill does not mention or implement sanitization of inputs before they are processed by the LLM sub-agents.
- COMMAND_EXECUTION (SAFE): The skill explicitly advises limiting
Bashtool usage to prevent unnecessary execution and reduce the need for manual approvals, following the principle of least privilege.
Audit Metadata