team-implement
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its core data ingestion workflow.
  - Ingestion points: Requirements are ingested from Jira, GitHub, and arbitrary URLs via the WebFetch tool as described in SKILL.md (Step 0.1) and references/spec-workflow.md.
  - Boundary markers: The skill lacks explicit delimiters or isolation instructions when interpolating raw external requirements into the subagent prompts defined in references/agent-catalog.md.
  - Capability inventory: The agent team has access to powerful tools including Bash, Write, Edit, and the ability to spawn further subagents via TaskCreate and Teammate operations.
  - Sanitization: No sanitization or content filtering is performed on ingested external data before it is processed by the AI agents.
  - Mitigation: The workflow includes a mandatory USER APPROVAL GATE in Phase 5, requiring the user to review the full technical plan and task breakdown before any code changes are implemented in Phase 6.
- [COMMAND_EXECUTION]: The skill utilizes shell commands and system CLI tools as part of its primary development workflow.
  - The orchestrator executes gh and jira CLI tools to ingest external issue data.
  - Implementation subagents (Frontend and Backend Developers) utilize the Bash tool to execute migrations, run tests, and perform codebase discovery as part of the intended development team functionality.
Audit Metadata