parallel-agent-contracts

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use shell commands for code validation and searching. Specifically, it uses npx tsc --noEmit to run the TypeScript compiler and grep to search the source directory for existing type definitions. These are standard development operations and are appropriate for the skill's stated purpose of managing code implementation.
  • [PROMPT_INJECTION]: The skill provides a template for spawning implementation agents that includes placeholders for task descriptions. These templates lack explicit boundary markers or instructions to treat the task descriptions as untrusted data, which constitutes a surface for indirect prompt injection if the descriptions are sourced from external or untrusted inputs.
      • Ingestion point: [Description] and [Actual task description] placeholders in SKILL.md prompt template.
      • Boundary markers: None identified.
      • Capability inventory: Shell command execution (npx tsc, grep).
      • Sanitization: No sanitization or validation of the interpolated task content is present.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 09:04 AM