delegate-task
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill forwards user-defined tasks and context strings to sub-agents, creating a surface for indirect prompt injection where malicious instructions in the input could influence sub-agent actions.
- Ingestion points: The task and context parameters in the delegate function serve as entry points for untrusted data.
- Boundary markers: There are no explicit delimiters or instructions to sub-agents to ignore embedded commands documented in the examples.
- Capability inventory: Sub-agents can be configured with high-privilege tools such as vscode for file system access and brave-search for network connectivity.
- Sanitization: No sanitization or validation of the input strings is described in the skill documentation.
Audit Metadata