dispatching-parallel-agents
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill defines a workflow vulnerable to indirect prompt injection.
  * Ingestion points: Agents are directed to read external test files (e.g., src/agents/agent-tool-abort.test.ts) and error messages as primary input.
  * Boundary markers: Example prompts do not include delimiters or directions to ignore instructions embedded in those files.
  * Capability inventory: The workflow requires file modification ('Fix by...') and the use of the Task() function.
  * Sanitization: No validation or sanitization of external data is recommended before the agent acts on it.
- COMMAND_EXECUTION (MEDIUM): The use of the Task() function for orchestration allows automated execution of complex operations across the codebase. This tool is used to manage parallel agent behaviors that can have significant system-wide effects.
Recommendations
- AI detected serious security threats
Audit Metadata