subagents
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates a delegation workflow where a parent agent provides a prompt to a sub-agent, creating a surface for indirect prompt injection if untrusted data is interpolated into that prompt.\n
- Ingestion points: The
promptargument in thecall_subagenttool.\n - Boundary markers: Absent; the documentation suggests self-contained prompts but does not define specific technical delimiters for data isolation.\n
- Capability inventory: Sub-agents can be initialized as
magic(full tool access) orshell(script execution and system operations) agents.\n - Sanitization: No explicit sanitization or validation of the prompt content is required or described by the skill instructions.\n- [COMMAND_EXECUTION]: The skill documents and enables access to a
shellagent designed for script execution, dependency installation, and system-level operations. These capabilities represent high-privilege functions managed via the delegation toolset.
Audit Metadata