parallel-decompose
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill functions as a planning and workflow guide for software architecture. It does not perform unauthorized network requests, execute remote scripts, or access sensitive credentials.
- [PROMPT_INJECTION]: The skill's primary function involves analyzing external documents (PRDs and Tech Specs), which represents an indirect prompt injection surface where instructions embedded in those documents could attempt to influence the generated task output. This risk is inherent to the decomposition process and is managed through human review of the generated plans. Ingestion points: Tech Spec and PRD content processed in Steps 2, 4, and 7. Boundary markers: No specific delimiters or safety instructions are used to isolate external document content from the agent's instructions. Capability inventory: The skill generates task specifications, Python contract code, and manifest files (including validation script templates). Sanitization: No automated sanitization of document content is described before use in output generation.
Audit Metadata