agent-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The documentation describes patterns that create an Indirect Prompt Injection surface by design.
- Ingestion points: Patterns such as 'Fungible Swarm' and 'Batch Workflows' (detailed in references/delegation-patterns.md) involve sub-agents reading and acting upon project files, task boards, and arbitrary data items.
- Boundary markers: The skill suggests 'Context Bundling' and 'Manifest of Objective' (in references/orchestration.md) but does not provide specific instructions for using delimiters or warnings to ignore commands embedded in processed data.
- Capability inventory: Templates describe agents with high-privilege tools including Bash, Write, Edit, and WebFetch.
- Sanitization: The skill does not mention sanitizing or validating ingested data content before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill provides documentation on high-privilege patterns including the use of the Bash tool and lifecycle hooks that execute local shell scripts (e.g., './scripts/run-linter.sh' in references/sub-agent-configuration.md). It also details the 'bypassPermissions' mode which allows agents to skip standard permission checks.
- [EXTERNAL_DOWNLOADS]: Research-oriented agent patterns described in the documentation involve the use of 'WebFetch' and 'WebSearch' tools to access and retrieve data from external sources.
Audit Metadata