do-in-parallel
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses strong imperative language and negative constraints (e.g., "you MUST NOT perform the task yourself", "you will be killed immediately") to ensure the agent maintains its role as an orchestrator and does not attempt to execute implementation tasks directly. These are task-alignment instructions and do not attempt to bypass core safety guidelines.- [PROMPT_INJECTION]: The skill processes user-supplied task descriptions and target lists, which creates an attack surface for indirect prompt injection as this data is interpolated into sub-agent prompts. \n
- Ingestion points: SKILL.md (user-provided task descriptions and targets from command arguments). \n
- Boundary markers: The orchestrator uses XML-style tags such as and to delimit user-provided content from instructions in sub-agent prompts. \n
- Capability inventory: The skill dispatches sub-agents with specialized roles (meta-judge, judge, implementer) using the Task tool. \n
- Sanitization: User input is directly interpolated into prompt templates without explicit sanitization or validation logic.
Audit Metadata