meta-cognition-parallel
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection (Category 8) due to its handling of external data.
- Ingestion points: The skill ingests untrusted user data via the
$ARGUMENTSvariable inSKILL.md. - Boundary markers: The skill uses simple markdown headers (e.g.,
## User Query) to separate instructions from user input. These are weak delimiters that can be bypassed by an adversary providing crafted input designed to hijack the sub-agent's behavior. - Capability inventory: The skill has the capability to read local files from the
../../agents/directory and execute sub-agents using theTask()orchestration function. - Sanitization: There is no evidence of input validation, escaping, or filtering for the
$ARGUMENTScontent before it is passed to the parallel sub-agents. - [COMMAND_EXECUTION]: The skill utilizes a
Task()function to launch parallel processes. In this context, these are framework-level sub-agents rather than arbitrary shell commands, representing the intended orchestration logic of the vendor.
Audit Metadata