fan-out-work
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface where untrusted data from the file system is interpolated into agent instructions.
- Ingestion points: Work items are discovered using
git diff,grep, andglobas described inSKILL.md(Phase 0), and passed to the workflow asargs.itemsinreferences/fanout-patterns.md. - Boundary markers: The provided workflow patterns do not utilize delimiters or specific instructions to the agent to treat item names or content as non-executable data when passed to sub-agents.
- Capability inventory: The orchestration uses
Bash,Agent, andWorkflowtools, enabling significant file system and environment interaction (SKILL.md). - Sanitization: No evidence of validation or escaping for the discovered file paths or module names exists before they are embedded into the
agent()call strings inreferences/fanout-patterns.md.
Audit Metadata