agent-team-orchestration-v3-public
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Includes a shell script (scripts/setup-team.sh) designed to automate the creation of agent workspaces. The script performs local directory creation and symlinking within the platform's standard configuration path (~/.openclaw).
- [PROMPT_INJECTION]: The skill's orchestration architecture creates an indirect prompt injection surface where sub-agent outputs influence the main agent's decisions.
  - Ingestion points: The orchestrator reads agent-generated reports such as score-report.md, as detailed in references/workflow.md.
  - Boundary markers: Role-specific TOOLS.md templates in references/role-templates.md provide explicit constraints to prevent agents from reading their own instructions or entering tool-call loops.
  - Capability inventory: The main agent is granted sessions_spawn permissions to manage sub-agent lifecycles, as shown in references/architecture.md.
  - Sanitization: The workflow implements a structured parsing approach where the orchestrator extracts JSON from agent reports to determine success criteria, minimizing the risk of natural language instruction overrides (references/workflow.md).
Audit Metadata