team-iterdev
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted inputs from the environment and interpolates them into agent prompts.
  - Ingestion points: The tester role reads test failure outputs and error messages in 'roles/tester/role.md', and the reviewer role reads source code and git diffs in 'roles/reviewer/role.md'.
  - Boundary markers: Data is ingested into structured markdown sections but lacks explicit delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill has access to tools for file modification (Write, Edit), shell execution (Bash), and sub-agent spawning (Agent).
  - Sanitization: There is no evidence of input validation or escaping for data ingested from logs or codebase exploration.
- [COMMAND_EXECUTION]: The tester role programmatically identifies and executes local test runners such as npm test, pytest, and cargo test based on environment detection.
- [REMOTE_CODE_EXECUTION]: The skill dynamically constructs prompts and configurations to spawn worker sub-agents via the Agent tool, representing runtime-generated instructions.