agent-delegate
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it interpolates arbitrary file content directly into sub-agent prompts without robust sanitization or delimiters that instruct the agent to ignore embedded instructions.
- Ingestion points: The `delegate.js` script reads file contents from user-specified paths provided via the `--files` and `--context` flags.
- Boundary markers: While the script uses markdown headers and code fences to wrap file content, it does not include explicit warnings to the sub-agent to disregard instructions found within those files.
- Capability inventory: Sub-agents can process complex logic and potentially initiate further delegation or tool calls within their sessions.
- Sanitization: No escaping, validation, or sanitization of the file content is performed before interpolation.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to the official Anthropic API (`api.anthropic.com`) to process delegated tasks. This is standard functionality for an LLM-based delegation tool and uses well-known technology service endpoints.