agentica-prompts
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a 'Directory Handoff Mechanism' where agents read from and write to shared locations (e.g., '.claude/cache/agents/'). This creates an indirect prompt injection surface where a compromised or manipulated output from one agent can influence the behavior of downstream agents.
- Ingestion points: System prompts instruct agents to read inputs from {INPUT_DIR} (found in SKILL.md).
- Boundary markers: The provided templates lack delimiters or specific instructions to treat data from upstream agents as untrusted or to ignore embedded commands.
- Capability inventory: The orchestration architecture grants agents access to high-risk capabilities including bash(), read_file(), write_file(), and edit_file() (found in SKILL.md).
- Sanitization: No patterns for sanitizing, validating, or escaping data are provided before the information is processed by subsequent agents.
Audit Metadata