Delegation

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill contains instructions for executing a local utility script via bun run located at ~/.claude/skills/Agents/Tools/ComposeAgent.ts to facilitate agent identity generation.
  • [COMMAND_EXECUTION]: An execution logging workflow is defined that appends task metadata to a local JSONL file (~/.claude/PAI/MEMORY/SKILLS/execution.jsonl) using shell append operations.
  • [PROMPT_INJECTION]: The skill defines patterns for passing prompts and context to subagents and teams, which represents an inherent surface for indirect prompt injection:
  • Ingestion points: User-provided task descriptions and message content (e.g., in Task() and SendMessage()) are processed as instructions for subordinate agents.
  • Boundary markers: Delimiters or instructions to ignore embedded content are not explicitly defined in the provided orchestration examples.
  • Capability inventory: Subagents created via these patterns have capabilities spanning file system access, shell execution, and tool usage depending on the agent type (e.g., Engineer or Architect).
  • Sanitization: No input validation or escaping mechanisms are described for the data passed between agents in the documented workflows.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 03:33 PM
Security Audit — agent-trust-hub — Delegation