Skills
skills/try-works/rlm-workflow-acp/rlm-subagent/Gen Agent Trust Hub

rlm-subagent

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to how it processes and passes external data to subagents.\n
  • Ingestion points: The skill ingests untrusted data through the SP Text (sub-phase specification) and Implementation summary fields within the Implementer and Code Reviewer subagent prompt templates defined in SKILL.md.\n
  • Boundary markers: The prompt templates lack explicit delimiters or markers to isolate user-controlled data from the instruction logic, increasing the risk that embedded instructions in the sub-phase text could override the subagent's intended behavior.\n
  • Capability inventory: The skill leverages the Task tool to spawn subagents and requires file access for implementation, documentation, and review tasks across all phases in SKILL.md.\n
  • Sanitization: No sanitization, validation, or escaping of the ingested data is described before it is interpolated into the prompts for sub-agent execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 09:26 AM