team-assign
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script `team-manager.py` using arguments derived from user input fields such as `task description` and `notes`. This creates a potential command injection vulnerability if the input contains shell-sensitive characters and is not properly escaped by the executing agent.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes unvalidated user and brand data.
  - Ingestion points: Data enters the system via user-provided task descriptions, notes, and external brand profile files (SKILL.md).
  - Boundary markers: The instructions do not define any delimiters or safety prompts to prevent the agent from following instructions embedded within the task metadata.
  - Capability inventory: The skill can execute local scripts, read and write to the filesystem (e.g., `~/.claude-marketing/logs/assignments.json`), and communicate externally via Slack and Email MCPs (SKILL.md).
  - Sanitization: There is no mention of sanitizing or validating user input before it is used in script arguments or outgoing notifications.
Audit Metadata