neo-team-kiro
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The orchestrator agent reads project-level documentation such as
CLAUDE.mdandAGENTS.mdand incorporates this content directly into the prompts for sub-agents. This represents an indirect prompt injection surface if an attacker controls the repository's documentation files. - [COMMAND_EXECUTION]: The 'System Analyzer' and 'QA' specialist roles are configured to use shell commands (via the
bashtool) for system diagnostics (e.g.,kubectl,psql,docker) and test execution. These capabilities are intended for the specialist roles and include specific safety instructions, such as restricting database operations to read-only queries. - [EXTERNAL_DOWNLOADS]: The skill provides templates for bootstrapping E2E testing environments using Playwright and Jest. This process involves downloading standard development packages from official registries. These operations target well-known services and are consistent with the skill's primary purpose.
Audit Metadata