multi
Pass
Audited by Gen Agent Trust Hub on Jul 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the orchestration of parallel subagents that process external repository data and web content, which presents a surface for indirect prompt injection due to a lack of explicit instruction isolation in sub-task prompts.\n
- Ingestion points: Data enters the subagent context through repository file reads and web research results as defined in the
Sourcesection of the member task prompts inreferences/task-prompt.md.\n - Boundary markers: The generic task prompt template in
references/task-prompt.mdlacks delimiters (such as XML tags or unique markers) to clearly separate sub-task instructions from the untrusted data being analyzed.\n - Capability inventory: The skill utilizes the host
Tasktool (subagent) with capabilities for exploration, gathering, and research, which involve file system access and network operations.\n - Sanitization: There is no evidence of filtering, escaping, or validation performed on external content before it is interpolated into sub-task prompts.
Audit Metadata