respond-first
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill package is composed entirely of YAML metadata, JSON configuration, and Markdown instructions. It does not include any Python scripts, Node.js modules, or binary executables.
- [PROMPT_INJECTION]: The skill's dispatcher architecture represents an indirect prompt injection surface as it passes user tasks to sub-agents. Ingestion points: User instructions are incorporated into the 'task' field of the sessions_spawn tool call as defined in SKILL.md. Boundary markers: No specific delimiters or safety instructions are provided to isolate user content within the delegated task. Capability inventory: The skill utilizes the sessions_spawn tool to delegate work to sub-agent sessions. Sanitization: There is no evidence of input filtering or sanitization performed on user input before delegation.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were identified. The architecture is consistent with the skill's stated goal of multi-agent coordination, and the functionality is limited to the delegation of tasks via standard session management tools.
Audit Metadata