team-composition-patterns
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is a collection of design patterns and heuristics for organizing AI agent teams, containing no executable code or malicious scripts.
- [SAFE]: No remote code execution or unauthorized external downloads are present in the provided instructions or reference documents.
- [PROMPT_INJECTION]: The Research Team preset configuration (found in `preset-teams.md`) creates a surface for indirect prompt injection through the use of web-based tools.
  - Ingestion points: Untrusted data enters the agent context via `WebSearch` and `WebFetch` tools as described in the Research Team members section.
  - Boundary markers: The provided task templates lack explicit delimiters or instructions for agents to disregard commands that might be embedded in retrieved web content.
  - Capability inventory: The agents are granted `general-purpose` status, which includes file system modification and shell execution (Bash) capabilities.
  - Sanitization: The instructions do not define or recommend sanitization steps for data retrieved from the web before it is processed by the agents.
- [SAFE]: References to `~/.claude/settings.json` in `SKILL.md` are for standard platform configuration of display modes (tmux, iTerm2) and do not represent a data exfiltration risk.