pact-agent-teams

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Tags: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's protocol is vulnerable to indirect prompt injection because it instructs agents to read and act upon task descriptions and metadata provided by potentially untrusted upstream agents.
  • Ingestion points: SKILL.md instructions in the 'On Start' and 'Reading Upstream Context' sections specify reading task descriptions and metadata via TaskGet and TaskList tools.
  • Boundary markers: The protocol lacks specifications for using delimiters or boundary markers to isolate instructions found within ingested task data.
  • Capability inventory: The skill enables agents to modify system state via TaskUpdate and communicate with other components via SendMessage.
  • Sanitization: No sanitization or validation logic is defined for data retrieved from tasks before it is incorporated into the agent's context.
  • [SAFE]: The skill uses local file system paths (~/.claude/agent-memory/ and ~/.claude/teams/) for application-specific state and configuration. No sensitive credential paths or unauthorized network operations were detected.
  • [SAFE]: The Python test file (test_skill_loading.py) uses yaml.safe_load() for parsing configuration, which is a security best practice for preventing YAML deserialization attacks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 12:05 PM