team-edict
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill displays a vulnerability surface for indirect prompt injection by design.
- Ingestion points: Untrusted data enters the agent context through user-provided arguments in
SKILL.mdand through generated plan files (e.g.,zhongshu-plan.mdanddispatch-plan.md) which are read and processed by thecoordinator,menxia, andshangshuroles. - Boundary markers: The skill uses basic markdown formatting and headers, but lacks explicit instruction delimiters or 'ignore instructions' guards when interpolating potentially attacker-controlled content into prompts for sub-agents.
- Capability inventory: The skill possesses extensive capabilities, including spawning new agents (
Agent), writing and editing files (Write,Edit), and executing system commands (Bash) and analysis tasks viaccw cli. - Sanitization: There is no evidence of content validation or escaping before external data is interpolated into prompt templates for subsequent agent phases.
Audit Metadata