squads
Warn
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script 'scripts/activate-squad.sh' extracts dependency names from 'squad.yaml' and passes them into a 'node -e' command. This process lacks sufficient sanitization, potentially allowing a maliciously crafted 'squad.yaml' file to execute arbitrary Node.js code. Additionally, the skill frequently uses 'execSync' and 'node -e' to perform discovery and validation tasks.
- [EXTERNAL_DOWNLOADS]: The 'activate-squad.sh' script automatically performs 'npm install' for dependencies listed in the 'squad.yaml' manifest. This mechanism allows a squad definition to trigger the download and installation of arbitrary packages from the npm registry into the local environment.
- [PROMPT_INJECTION]: The skill's primary function is to ingest and orchestrate 'squads' defined by external Markdown and YAML files. These files contain system prompts and instructions for sub-agents, creating an indirect prompt injection surface. A malicious squad definition could be used to manipulate the agent's behavior or access sensitive project data through the provided toolset.