team-coordination
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security vulnerabilities were detected. The skill is purely instructional and guides the agent on how to manage project metadata for collaborative development.
- [COMMAND_EXECUTION]: The skill documents the use of standard Git operations (pull, push, fetch, show) and common CLI utilities (cat, grep, md5) for the purpose of synchronizing team state files. These operations are consistent with the skill's stated purpose and do not involve unauthorized command execution.
- [DATA_EXPOSURE]: While the skill mentions environment variables like 'STRIPE_WEBHOOK_SECRET' in documentation examples, it does not provide instructions or commands to read, store, or exfiltrate the actual values of these secrets.
- [INDIRECT_PROMPT_INJECTION]: The agent is instructed to read and report information from shared markdown files such as
state.mdandactive.md. This creates an ingestion point for data modified by other team members, but since the information is used solely for project coordination and manual status updates, the risk is minimal and characteristic of collaborative tooling.
Audit Metadata