task-delegation
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill establishes an orchestration framework where subagents are spawned based on prompts and metadata generated by prior tasks. This creates a surface where a compromised subagent could provide malicious metadata to influence the behavior of the orchestrator or subsequent agents.
- Ingestion points: The orchestrator reads task details via TaskGet, TaskList, and a reflection queue file (.claude/context/runtime/reflection-spawn-request.json).
- Boundary markers: No explicit sanitization or instruction-ignoring delimiters are required by the protocol when interpolating metadata into new task prompts.
- Capability inventory: The system can spawn new agents (Task) and modify task states (TaskUpdate), potentially propagating malicious instructions through the chain.
- Sanitization: The documentation does not specify validation or sanitization requirements for metadata values before they are used in prompt generation.
- [NO_CODE]: The skill consists entirely of markdown documentation and instructional templates. It does not contain executable scripts or binary files, reducing the direct execution risk.
Audit Metadata