team-designer
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill acts as a generator for agent instructions based on user descriptions, creating an indirect prompt injection surface. Evidence:
  1. Ingestion points: Phase 1 user input processing in SKILL.md and 01-requirements-analysis.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Write, Edit, and Bash tools used for scaffolding in 02-scaffold-generation.md and 03-content-generation.md.
  4. Sanitization: No explicit sanitization of user input before its use in generated instructions.
- [COMMAND_EXECUTION]: The instructions guide the agent to use the Bash tool for directory creation (mkdir -p) with names derived from user input (e.g., skill name, role names). This represents a minor risk of command injection or directory traversal if the executing agent does not sanitize these inputs.
Audit Metadata