dispatching-parallel-agents
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill defines a high-risk capability tier where untrusted external data influences high-privilege actions. \n
- Ingestion points: Sub-agents ingest untrusted data from test files and error logs (e.g.,
src/agents/agent-tool-abort.test.ts) to diagnose failures. \n - Boundary markers: Absent. The suggested agent prompt structure does not use delimiters to isolate untrusted test content from instructions. \n
- Capability inventory: The workflow grants dispatched agents write access to the filesystem to 'Fix bugs' and 'Make these tests pass'. \n
- Sanitization: Absent. No sanitization, filtering, or validation of the ingested test data or code is suggested before it is processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata