team-planex
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill architecture adheres to intended multi-agent coordination patterns for the environment. All tool usage is within the expected scope of project management and development tasks.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
- Ingestion points: User requirements provided via command-line arguments (e.g., --text, --plan) or issue IDs are ingested by the coordinator and passed to the planner and executor workers in their respective roles.
- Boundary markers: The worker agent prompts (Agent() templates in SKILL.md and monitor.md) lack explicit delimiters or instructions to ignore embedded instructions in the requirement text.
- Capability inventory: The skill has access to the file system (Bash, Write, Edit), can spawn sub-agents (Agent), and can perform code modifications via the ccw cli tool.
- Sanitization: There is no evidence of sanitization or validation performed on user-provided requirements before they are interpolated into prompts for worker agents or CLI commands.
Audit Metadata