team-coordinator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its core delegation logic.
- Ingestion points: Untrusted data enters via user requests starting with triggers like "帮我做..." (Help me do...), "分配任务" (Assign task), or direct mentions of sub-agents.
- Boundary markers: The skill lacks explicit instructions to wrap user tasks in delimiters or provide "ignore embedded instructions" warnings when calling the
message()orsessions_spawn()tools. - Capability inventory: The skill has the capability to execute
message(action=send, accountId=...)andsessions_spawn(task=..., agentId=...), allowing it to pass potentially malicious payloads to specialized agents likexiaocodeorxiaoops. - Sanitization: There is no evidence of escaping, validation, or filtering of user content before it is interpolated into delegation commands.
Audit Metadata