team-coordinate
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection.\n
- Ingestion points: User-provided task descriptions are ingested in
SKILL.mdand processed by the coordinator inroles/coordinator/role.md.\n - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the dynamic role-spec generation logic in
roles/coordinator/role.mdorspecs/role-spec-template.md.\n - Capability inventory: The system can spawn sub-agents via the
Agenttool and execute system-level commands usingBashas defined inSKILL.md.\n - Sanitization: There is no evidence of escaping, validation, or filtering of user input before it is interpolated into instructions for spawned worker agents.\n- [COMMAND_EXECUTION]: The skill grants broad system access via the
Bashtool to dynamically generated worker roles.\n - Evidence:
SKILL.mdallows theBashtool for all workers. The coordinator spawnsteam-workeragents with these capabilities to perform tasks like code implementation or research, which involves executing arbitrary shell commands based on runtime-generated instructions.
Audit Metadata