subagents-orchestration-guide
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface through its orchestration logic.
  - Ingestion points: In SKILL.md, the orchestrator takes raw user-provided requirements and embeds them directly into the prompt for the 'requirement-analyzer' subagent.
  - Boundary markers: There are no delimiters or 'ignore embedded instructions' warnings used to isolate user input within the subagent's prompt.
  - Capability inventory: The orchestrator has the ability to execute 'git commit' via Bash, and subagents like 'task-executor' have 'Edit/Write' authority over the filesystem.
  - Sanitization: No input validation, escaping, or filtering is applied to user requirements before they are passed to subagents.
- [COMMAND_EXECUTION]: The orchestrator is designed to perform shell operations and file modifications. It executes 'git commit' using Bash during the task management cycle described in SKILL.md. Additionally, subagents are granted implementation authority to edit and write files during the autonomous execution phase.