Context-Inappropriate Capability
Medium
- Confidence
- 89% confidence
- Finding
- The documentation states that when autonomous looping is enabled, sub-agents may access broad file-operation tools including create, update, read, list, and delete, even though the page is specifically about sub-agent delegation. In a multi-agent orchestration context, this expands the attack surface significantly: delegated agents can modify local state or exfiltrate data if prompted maliciously or if task boundaries are unclear.
