rust-team
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an orchestration pattern that interpolates user-supplied arguments ("$ARGUMENTS") and agent-generated handoff content from ".local/handoff/" directly into the system prompts of spawned sub-agents.
  - Ingestion points: User-provided task descriptions via "$ARGUMENTS" and YAML handoff files stored in ".local/handoff/" (referenced in "SKILL.md" and "references/team-workflow.md").
  - Boundary markers: The skill uses structured headers like "## Team Context" and "## Task Management" to delimit instructions, but lacks explicit "ignore embedded instructions" wrappers for the interpolated untrusted content.
  - Capability inventory: The orchestrator has access to the "Agent" tool for spawning sub-agents, "SendMessage" for inter-agent communication, and shell tools for "git" and "gh" operations.
  - Sanitization: No explicit sanitization or validation is performed on the interpolated handoff content or user arguments before they are passed to sub-agents.
- [EXTERNAL_DOWNLOADS]: The skill documentation specifies a prerequisite to install an external plugin named "rust-agents" via the command "claude plugin install rust-agents" (found in "SKILL.md").
- [COMMAND_EXECUTION]: The orchestration workflow includes the execution of shell commands for repository management, specifically "git commit" and "gh pr create" (found in "references/team-workflow.md").