parallel-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external task definitions and delegating user-controlled instructions to sub-agents.
  - Ingestion points: Task definitions including prompts and descriptions are parsed from user input or configuration files in the parsing stage (SKILL.md, Step 1).
  - Boundary markers: No delimiters or instructions to ignore embedded commands are specified when passing the prompt field to the spawn_agent function.
  - Capability inventory: The skill utilizes the Task tool for sub-agent orchestration and the Write tool for generating execution reports.
  - Sanitization: There is no logic provided to sanitize or validate the contents of the user-provided prompt or description fields before delegation.
- [COMMAND_EXECUTION]: The skill uses the Bash tool for limited local file system inspection.
  - Evidence: The allowed-tools frontmatter in SKILL.md includes Bash(ls *) for directory listing.
Audit Metadata