cowork-sessions
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill architecture is susceptible to indirect prompt injection through its session orchestration workflow.
  - Ingestion points: The skill processes 'task descriptions' during the INITIALIZING phase to determine subtasks and execution order (SKILL.md).
  - Boundary markers: The documentation defines no delimiters or instructions to isolate or ignore potentially malicious instructions embedded within these external task descriptions.
  - Capability inventory: The skill is configured with the 'Bash' and 'Task' tools; the latter is used to spawn sub-agents that execute subtasks derived from the potentially untrusted input.
  - Sanitization: The documentation does not specify any validation, filtering, or sanitization steps for the 'task description' input before it influences the planning and agent dispatching stages.