skills/lalulali/vespyr/delegate/Gen Agent Trust Hub

delegate

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines a direct workflow for executing arbitrary shell commands through an automated sub-agent. This capability can be abused to run unauthorized processes if user input is not strictly controlled. Evidence: The @executor workflow specifically templateizes the command 'Run [command] and summarize output'.
  • [PROMPT_INJECTION]: The delegation mechanism is susceptible to indirect prompt injection because it passes raw user data to sub-agents without defining security boundaries. Ingestion points: User-provided inputs for file paths, file content, and shell commands are ingested in SKILL.md. Boundary markers: The skill does not employ delimiters or 'ignore' instructions to separate user data from agent instructions during delegation. Capability inventory: The delegated agents have high-privilege capabilities, including reading files (@reader), modifying the file system (@writer), and executing commands (@executor). Sanitization: No input validation, escaping, or sanitization logic is prescribed for the delegated payloads.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 03:53 AM