team-coordinator
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
  1. Ingestion points: User-provided tasks enter the coordinator context in SKILL.md through trigger phrases like '帮我做...' or '分配任务'.
  2. Boundary markers: Absent; no delimiters or instructions are used to distinguish the coordinator's own logic from untrusted user data.
  3. Capability inventory: The skill has the authority to delegate tasks to agents with sensitive capabilities in SKILL.md, including code execution (xiaocode) and system operations (xiaoops), using message() and sessions_spawn() functions.
  4. Sanitization: Absent; the skill does not validate or sanitize external content before interpolating it into messages for employee agents.
Audit Metadata