task-coordinator
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Dynamic Execution (MEDIUM): The orchestration logic uses the pattern Task(subagent_type: T.metadata.reviewer, ...) to dynamically determine which subagent to invoke. This relies on metadata fields which, if influenced by untrusted external data (such as user-provided task descriptions or external triggers), could allow an attacker to redirect execution to unauthorized subagents or restricted tools.
- Indirect Prompt Injection (LOW): The skill creates an attack surface where malicious instructions could be embedded in data processed by the agent.
  - Ingestion points: The skill reads from a local ledger file (.agents/workflow-ledger.yml) and task metadata objects to determine workflow state.
  - Boundary markers: Absent; there are no delimiters or explicit instructions to ignore embedded commands within the ledger data.
  - Capability inventory: The skill possesses significant capabilities including subagent spawning, task lifecycle management, and local filesystem write access.
  - Sanitization: Absent; the provided patterns do not include validation for the integrity of the ledger file or the content of the task metadata.
Audit Metadata