Skills
skills/peachsolution/peach-harness/peach-think-team/Gen Agent Trust Hub

peach-think-team

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands (cat, grep, echo) to verify configuration settings in ~/.claude/settings.json and detect the presence of environment variables or plugins. It also uses a Python one-liner in Section 8 of SKILL.md to modify its own internal configuration file (~/.claude/teams/[team_name]/config.json) for team cleanup tasks.
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection (Category 8).
  • Ingestion points: Arbitrary user-supplied topics, project context, and task descriptions enter the agent context through the main orchestrator interface.
  • Boundary markers: While the prompt templates in references/team-patterns.md use markdown headers (e.g., ## 배경), they lack explicit instructions or strict delimiters to prevent sub-agents from executing commands or following instructions embedded within the user-provided data.
  • Capability inventory: The skill orchestrates sub-agents with extensive capabilities, including file system modification (dev and reviewer roles) and arbitrary shell command execution (the deployer role explicitly prompts the agent to run provided bash commands).
  • Sanitization: There is no evidence of validation, escaping, or sanitization of the user-provided input before it is interpolated into the prompts for sub-agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 01:12 AM