subagents-orchestration-guide
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill orchestrates a multi-agent pipeline that processes untrusted user requirements. Malicious instructions embedded in requirements could influence design documents and subsequent automated implementation tasks.
- Ingestion points: User requirements are ingested by the requirement-analyzer agent in SKILL.md.
- Boundary markers: Prompt construction templates (e.g., prompt: "Requirements: [user requirements]...") do not specify the use of delimiters or boundary markers to isolate untrusted input from system instructions.
- Capability inventory: The orchestration flow delegates implementation authority (Edit/Write/MultiEdit) to subagents and shell execution authority (Bash) to the orchestrator.
- Sanitization: No sanitization or validation of the requirements is described before they are passed into the multi-agent context.
- [COMMAND_EXECUTION]: The orchestrator is permitted to use the Bash tool for "verification commands" and "git commit" as listed in the Orchestrator's Permitted Tools table. Additionally, subagents are tasked with autonomously discovering and running "Specific commands" from project configurations to verify their work.