building-subagents
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
- Ingestion points: The skill ingests untrusted data from the user-provided `domain` argument and outputs from `WebSearch` or `WebFetch` tools during the research phase (Phase 1).
- Boundary markers: The provided agent template (Phase 2 and Agent Template section) does not utilize delimiters or specific instructions to the LLM to treat research-derived content as untrusted when drafting the subagent's guidelines or workflow.
- Capability inventory: The skill allows for the creation of agents with powerful tools including `Bash` (command execution), `Write`/`Edit` (file system modification), and `Task` (agent orchestration).
- Sanitization: There are no mechanisms described for sanitizing, escaping, or validating the external content before it is interpolated into the new agent's definition.
Audit Metadata