skills/lvlup-sw/exarchos/delegate/Gen Agent Trust Hub

delegate

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a delegation workflow that is vulnerable to indirect prompt injection. In 'SKILL.md' and 'references/implementer-prompt.md', task descriptions are extracted from implementation plans and inserted into subagent prompts without the use of boundary markers, escaping mechanisms, or specific instructions to disregard embedded commands. An attacker could potentially embed malicious instructions within a task description to hijack the subagent's execution context.
  • [COMMAND_EXECUTION]: The skill requires the execution of shell commands for its core functionality, such as 'git worktree add' and 'npm install', as detailed in 'references/workflow-steps.md' and 'references/worktree-enforcement.md'. These commands are necessary for setting up isolated development environments but constitute a broad capability that could be misused if subagents are compromised.
  • [REMOTE_CODE_EXECUTION]: The implementation process involves running 'npm install' and 'npm run test', which results in the execution of third-party code from external package registries and local test suites. This is the intended behavior for a developer-centric delegation tool but represents a point where untrusted code is executed in the worktree environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 06:25 PM
Security Audit — agent-trust-hub — delegate