team-coordinator

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill's primary function is agent-to-agent orchestration.
  • [PROMPT_INJECTION]: The skill instructs the agent to act in an 'executive' role to manage tasks. These instructions do not attempt to bypass core safety filters, ignore system prompts, or switch to an unrestricted 'DAN' mode.
  • [INDIRECT_PROMPT_INJECTION]: The skill defines a surface where user-provided task descriptions are routed to sub-agents (e.g., 'xiaocode' or 'xiaoops'). While this involves processing untrusted data, the risk is inherent to the coordinator role.
    • Ingestion points: User requests triggered by phrases like '帮我做...' ("help me do...") or '分配任务' ("assign tasks").
    • Boundary markers: Not explicitly defined in the coordinator's prompts.
    • Capability inventory: The coordinator uses 'message()' and 'sessions_spawn()' to communicate with sub-agents but does not have direct access to high-privilege system commands.
    • Sanitization: No sanitization is performed at the coordinator level.
  • [DATA_EXFILTRATION]: There are no hardcoded credentials or instructions to access sensitive local files (such as SSH keys or AWS configs). All communication is directed towards internal employee agent accounts.
  • [REMOTE_CODE_EXECUTION]: The skill does not download external scripts via curl/wget or execute remote code from untrusted domains.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 07:00 AM