agent-teams-command
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The 'Hooks' configuration section includes examples that execute local Python scripts (e.g., scripts/check-idle.py, scripts/validate-task.py) via the shell. These scripts are not provided within the skill documentation, meaning any implementation following these examples relies on external, unverified code.
- [PROMPT_INJECTION]: The skill defines an attack surface for indirect prompt injection by design.
  - Ingestion points: The orchestration templates (Campaigns 1, 2, and 3) explicitly instruct agents to read and analyze untrusted external project files, such as database schemas, research documents, and source code.
  - Boundary markers: The provided prompt templates lack delimiters or instructions to the agent to disregard potential instructions embedded within the analyzed data.
  - Capability inventory: The skill leverages multi-agent orchestration tools (experimental.agentTeams) and suggests the execution of shell commands through system hooks.
  - Sanitization: No mechanisms are described for sanitizing or validating untrusted content before it is processed by the agent team.