adaptive-subagents

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to log routing decisions to a local file using a Bash command that interpolates user-influenced content.
    • Evidence: The instruction echo "{model} | ... | {brief task description}" >> routing.log directly inserts the variable {brief task description} into a shell command.
    • Risk: If a user provides a task description containing shell metacharacters (e.g., backticks, command substitution, or semicolons), it could result in unintended command execution when the agent attempts to log the entry.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to the way it delegates tasks to subagents.
    • Ingestion points: User requests are decomposed and passed to subagents via the Agent tool in the SKILL.md file.
    • Boundary markers: The instructions lack explicit boundary markers or delimiters to isolate user-provided task descriptions when they are passed into the subagent's prompt.
    • Capability inventory: Subagents have access to sensitive tools including Read, Glob, Grep, Edit, and Write (depending on subagent_type).
    • Sanitization: There is no instruction to sanitize or escape user-provided content before it is interpolated into subagent prompts.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 10:58 PM