team-executor

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its session loading mechanism.
  • Ingestion points: Data is ingested from multiple files in a user-specified session directory, including team-session.json, task-analysis.json, and markdown files in the role-specs/ folder.
  • Boundary markers: The skill lacks boundary markers or explicit instructions for the model to ignore any embedded directives within the ingested session data.
  • Capability inventory: The skill possesses powerful capabilities including Bash execution, file writing (Write), and subagent spawning (Agent).
  • Sanitization: There is no evidence of sanitization or validation of the ingested content before it is interpolated into agent prompts or passed to execution tools.
  • [COMMAND_EXECUTION]: The skill automates task execution, which may include running shell commands via the Bash tool, driven by logic and role definitions loaded from external, potentially untrusted session files.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 04:03 AM
Security Audit — agent-trust-hub — team-executor