delegate-multi-agent
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The delegateChain function in delegate.js is vulnerable to indirect prompt injection when passing results between agents.
  - Ingestion points: Untrusted data enters the context through the context variable in delegateChain, which stores the output of the preceding agent.
  - Boundary markers: None. The agent output is concatenated directly into the prompt without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The framework specifies that agents (e.g., 'coding' agent) may have high-privilege capabilities such as file_read, file_write, and file_edit.
  - Sanitization: There is no evidence of sanitization or escaping of the agent output before it is interpolated into subsequent prompts.
- [COMMAND_EXECUTION]: The child_process module is imported and exec is promisified at the top of delegate.js, but these functions are not called within the script's logic.
Audit Metadata