fan-out-work

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface where untrusted data from the file system is interpolated into agent instructions.
  • Ingestion points: Work items are discovered using git diff, grep, and glob as described in SKILL.md (Phase 0), and passed to the workflow as args.items in references/fanout-patterns.md.
  • Boundary markers: The provided workflow patterns do not utilize delimiters or specific instructions to the agent to treat item names or content as non-executable data when passed to sub-agents.
  • Capability inventory: The orchestration uses Bash, Agent, and Workflow tools, enabling significant file system and environment interaction (SKILL.md).
  • Sanitization: No evidence of validation or escaping for the discovered file paths or module names exists before they are embedded into the agent() call strings in references/fanout-patterns.md.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:15 AM
Security Audit — agent-trust-hub — fan-out-work