Skills
skills/affaan-m/everything-claude-code/team-builder/Gen Agent Trust Hub

team-builder

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via malicious markdown files.
  • Ingestion points: Processes markdown files from project-local directories and global directories like ~/.claude/agents/ (Step 1).
  • Boundary markers: No delimiters or warnings are used when reading file content; the raw content is concatenated directly into the prompt (Step 4).
  • Capability inventory: Spawns sub-agents via the Agent tool using the read content as the primary instruction set (Step 4).
  • Sanitization: No sanitization, validation, or escaping of the markdown content is performed before interpolation into the sub-agent prompt.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 04:28 AM