team-designer
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill acts as a meta-generator, creating new AI agent instructions based on user input, which constitutes an indirect prompt injection surface.
  - Ingestion points: User-provided requirements, roles, and domain descriptions in Phase 1.
  - Boundary markers: The generated files do not consistently utilize boundary markers or 'ignore' instructions when interpolating user descriptions into the new skill's router and role files.
  - Capability inventory: The skill uses Agent(), Bash(), Write(), and Edit() to create and manage the generated skills.
  - Sanitization: Only basic formatting (kebab-case) is enforced for names; the primary descriptive content is interpolated without significant validation.
- [COMMAND_EXECUTION]: The skill uses the Bash(*) tool to create directory structures and manage files during the scaffolding phase, as seen in phases/02-scaffold-generation.md. While these operations are directed at the skill development directory, they represent the execution of shell commands derived from internal logic.