context-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect prompt injection surface via subagent delegation and task persistence mechanisms.
- Ingestion points: Untrusted data enters the agent context through subagent summaries (defined in delegation-patterns.md) and task descriptions (defined in task-patterns.md).
- Boundary markers: Absent. The patterns do not include delimiters or specific instructions to ignore embedded commands when processing or summarizing external data.
- Capability inventory: The patterns involve subagents with the capability to read files, search codebases, and perform security or performance reviews. The main agent relies on these potentially poisoned outputs to determine subsequent actions.
- Sanitization: Absent. There is no evidence of sanitization, validation, or escaping of data returned by subagents before it is integrated into the persistent task list or main reasoning context.
Audit Metadata