parallel-prompt-generator
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The generated prompt template includes instructions such as 'Do NOT ask for confirmation - proceed immediately with implementation'. This encourages the downstream agent to bypass standard human-in-the-loop safeguards during automated task execution.
- [INDIRECT_PROMPT_INJECTION]: The skill represents an indirect injection surface because it constructs prompts by verbatim copying of content from potentially untrusted task files.
  - Ingestion points: Reads data from manifest.json, context.md, contracts/, and markdown files within the tasks/ directory.
  - Boundary markers: Present. The template uses explicit headers (e.g., === CONTEXT ===, === OBJECTIVE ===, === IMPLEMENTATION REQUIREMENTS ===) to delimit different data sections.
  - Capability inventory: The generated prompts authorize the downstream agent to use file editing tools, execute test suites (pytest), run linters (ruff, mypy, eslint), and perform git commits.
  - Sanitization: Absent. The skill instructions explicitly state to 'Copy content EXACTLY from task files' and 'do not summarize or rewrite', which allows instructions embedded in task files to be treated as high-priority prompt content.
- [COMMAND_EXECUTION]: The skill documentation includes bash snippets for validating the integrity of generated files using grep and provides examples for manual agent execution using the claude CLI.
Audit Metadata