agent-teams
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The framework has an inherent indirect prompt injection surface as it ingests untrusted feature specifications and source code produced during the development cycle.
  * Ingestion points: Agents read feature specifications from '_project_specs/features/*.md' and source code for review and testing.
  * Boundary markers: None explicitly mentioned in the agent prompts to separate data from instructions.
  * Capability inventory: Includes file system access, git operations, and execution of test suites (npm test, pytest).
  * Sanitization: No explicit sanitization or escaping of external content is described before interpolation into agent context.
- [COMMAND_EXECUTION] (LOW): The Quality and Feature agents are instructed to execute CLI tools and test suites (e.g., npm, pytest, git, gh). This is the intended behavior for an automated software engineering workflow and does not involve downloading or executing unknown remote scripts.
Audit Metadata