cavecrew
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill establishes a delegation workflow that processes untrusted code files, creating an attack surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the context through cavecrew-investigator (code location), cavecrew-builder (file editing), and cavecrew-reviewer (diff review), as specified in SKILL.md.
- Boundary markers: The instructions do not define delimiters or boundary markers to isolate the sub-agent outputs from the primary instruction stream in the main context.
- Capability inventory: The described sub-agents possess the capability to read and modify files on the local filesystem (SKILL.md).
- Sanitization: There is no mention of sanitizing or validating the data returned from sub-agents before it is processed by the main agent thread.
Audit Metadata