dispatching-parallel-agents
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill documentation explicitly supports a 'Bash' subagent type, enabling the execution of arbitrary system commands through the 'Task' tool.- [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection (Category 8). The skill orchestrates sub-agents by passing prompts that incorporate external codebase content or test results. If these inputs contain malicious instructions, they can compromise the agent's actions.
- Ingestion points: The 'prompt' parameter within the 'Task' tool calls, which is designed to receive context from failing tests or subsystems (e.g., in File SKILL.md under 'The Pattern').
- Boundary markers: Absent. The instructions do not use delimiters or 'ignore' directives when interpolating external content into sub-agent prompts.
- Capability inventory: Includes 'Bash' for arbitrary command execution and 'general-purpose' for file system modifications and multi-step reasoning.
- Sanitization: Absent. There is no evidence of sanitization, validation, or escaping of data extracted from the environment before it is passed to the Task tool.
Recommendations
- AI detected serious security threats
Audit Metadata