sub-agent-delegation

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's documentation and code snippets reference the @anthropic-ai/claude-agent-sdk. This is the official library from a well-known technology provider and is considered a safe dependency.
  • [PROMPT_INJECTION]: The sub-agent delegation pattern establishes a surface for indirect prompt injection where malicious instructions could be passed to the Task tool if user-controlled data is interpolated into the sub-agent's prompt without proper handling.
  • Ingestion points: Prompts passed as arguments to the Task or Agent tool in the SDK usage examples.
  • Boundary markers: The provided prompt templates do not demonstrate the use of delimiters or explicit instructions to the sub-agent to ignore embedded commands within interpolated text.
  • Capability inventory: Sub-agents are described as having access to significant capabilities, including WebFetch, Read, Grep, and Write tools.
  • Sanitization: The skill does not illustrate sanitization, validation, or escaping techniques for the dynamic content used to generate sub-agent instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 10:27 AM
Security Audit — agent-trust-hub — sub-agent-delegation