claude-devfleet
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's primary function is to orchestrate sub-agents via user-provided prompts, creating an attack surface for indirect prompt injection.
- Ingestion points: Arbitrary text prompts are accepted by the
plan_project(prompt)andcreate_mission(prompt)tools defined in SKILL.md. - Boundary markers: The skill does not implement or specify the use of delimiters or 'ignore' instructions to prevent sub-agents from executing malicious commands that might be embedded in mission descriptions.
- Capability inventory: Sub-agents dispatched by this skill operate in git worktrees with the ability to modify project files and likely execute system commands for testing and building.
- Sanitization: There is no evidence of prompt sanitization or validation before the orchestration engine dispatches tasks to the parallel agents.
Audit Metadata