sub-agent-delegation
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's documentation and code snippets reference the
@anthropic-ai/claude-agent-sdk. This is the official library from a well-known technology provider and is considered a safe dependency. - [PROMPT_INJECTION]: The sub-agent delegation pattern establishes a surface for indirect prompt injection where malicious instructions could be passed to the
Tasktool if user-controlled data is interpolated into the sub-agent's prompt without proper handling. - Ingestion points: Prompts passed as arguments to the
TaskorAgenttool in the SDK usage examples. - Boundary markers: The provided prompt templates do not demonstrate the use of delimiters or explicit instructions to the sub-agent to ignore embedded commands within interpolated text.
- Capability inventory: Sub-agents are described as having access to significant capabilities, including
WebFetch,Read,Grep, andWritetools. - Sanitization: The skill does not illustrate sanitization, validation, or escaping techniques for the dynamic content used to generate sub-agent instructions.
Audit Metadata