parallel-task

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): Vulnerability to Indirect Prompt Injection. The skill's primary function is to interpret and act upon untrusted external data found in markdown plan files.
      • Ingestion points: The skill reads external plan files (e.g., plan.md) in Steps 1 and 2 to extract task descriptions, criteria, and validation steps.
      • Boundary markers: The Task Prompt Template in Step 3 lacks explicit delimiters or instructions to treat the interpolated content as untrusted data, increasing the risk that the subagent will follow instructions embedded within the plan's text.
      • Capability inventory: Subagents are given broad permissions to explore the file system, modify files, and execute validation procedures, providing a significant impact vector if the plan content is malicious.
      • Sanitization: No sanitization, escaping, or verification of the plan file content is performed before it is used to generate prompts for subagents.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:27 PM