resolve_parallel
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data (TODO comments) and uses them to trigger agent actions.
  - Ingestion points: Step 1 ('Gather the things todo from above') reads comments from files in the workspace.
  - Boundary markers: Absent. There are no delimiters or instructions to ignore malicious content within the TODO comments.
  - Capability inventory: The skill can spawn sub-agents ('pr-comment-resolver'), commit files, and push to remote repositories.
  - Sanitization: Absent. The skill does not validate or sanitize the content of the TODOs before passing them to the sub-agent.
- Data Exfiltration (LOW): The skill performs network operations to push code to a remote server.
  - Evidence: Step 4 ('Push to remote').
  - Context: While this is the primary purpose of the skill, it creates a vector where a compromised agent (via a malicious TODO) could push sensitive data (such as .env files) to an attacker-controlled remote.
Audit Metadata