claude-devfleet
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill serves as an orchestration layer where user-provided prompts are propagated to sub-agents that perform coding tasks. While this constitutes an indirect prompt injection surface, it is consistent with the skill's primary purpose.
- Ingestion points: Untrusted user input enters the system via the
promptparameter in theplan_projectandcreate_missiontools defined inSKILL.md. - Boundary markers: There are no explicit boundary markers or instructions defined in the documentation to isolate user prompts from system instructions when missions are dispatched.
- Capability inventory: The skill manages agents capable of executing code and modifying the filesystem via git worktrees, with the ability to auto-merge changes upon completion as described in
SKILL.md. - Sanitization: The skill does not implement sanitization or validation of the prompts before they are passed to the mission execution environment.
Audit Metadata