team-management
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `create-team.sh` script executes administrative commands to manage the lifecycle of agent containers. This includes using `docker exec` and `docker cp` to inject configuration files directly into running containers, and `mc mirror` to synchronize team data with remote storage. It also invokes secondary orchestration scripts such as `create-worker.sh` and `manage-teams-registry.sh` to provision resources. The script handles administrative credentials from a secrets file to obtain necessary access tokens for Matrix room orchestration, which is documented as a standard practice for this platform.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it interpolates user-supplied data, such as worker names and skill descriptions, into the instruction files (`AGENTS.md` and `SOUL.md`) of the created agents.
  - Ingestion points: User-provided arguments to `create-team.sh` including `--workers`, `--worker-skills`, and `--worker-mcp-servers`.
  - Boundary markers: The script utilizes `<!-- hiclaw-team-context-start -->` delimiters to separate injected coordination context from the rest of the agent's instructions.
  - Capability inventory: The skill possesses significant capabilities including the ability to execute `docker` commands, perform network requests to the internal Matrix server, and modify filesystem contents across agent directories.
  - Sanitization: The script uses `jq` to safely construct JSON payloads for API requests, while relying on template-based interpolation for Markdown documentation.