electrobun-teams
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes a sequential multi-agent pipeline where the 'ui-agent' produces an RPC contract that is then passed as a prompt component to the 'backend-agent'. This architecture introduces a surface for indirect prompt injection.
- Ingestion points: The 'electrobun-backend-agent' receives the 'RPC contract handoff' as a text input during its initialization.
- Boundary markers: No specific delimiters or instructions to 'ignore embedded commands' are specified for the handoff data, increasing the risk that the LLM might interpret data within the contract as instructions.
- Capability inventory: The agents have file-system access to create and modify source code and configuration files (e.g., src/bun/index.ts, electrobun.config.ts) based on the input they receive.
- Sanitization: No sanitization or validation logic is defined for the handoff document before it is processed by the second agent.
- [COMMAND_EXECUTION]: The skill relies on the CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS environment variable to enable advanced platform tools (TeamCreate, Agent, TaskUpdate) that orchestrate file writing and development tasks. While these are legitimate tools for the described purpose, the automated generation of agent prompts based on intermediate output represents dynamic context generation.
Audit Metadata