task-based-multiagent
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): Indirect prompt injection surface identified through the task coordination mechanism.
- Ingestion points: The skill reads and parses untrusted text (task descriptions) from the
tasks.mdfile. - Boundary markers: Absent. The provided snippets do not include delimiters or specific instructions for the agent to ignore embedded commands within the task description.
- Capability inventory: The architecture includes spawning task workflows (
spawn_task_workflow), executing templates (execute_template), and performing git operations. - Sanitization: Absent. The sample Python scripts do not demonstrate escaping or validation of task descriptions before they are used to influence workflow logic.
- [Command Execution] (SAFE): The skill uses shell-based tools like
git worktreeand Python subprocesses for workflow isolation and execution. These are consistent with the skill's primary purpose of orchestration and do not represent a security violation in this context.
Audit Metadata