team-frontend
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its data ingestion and multi-agent coordination design.
  * Ingestion points: The analyst role in role-specs/analyst.md reads task descriptions, existing project files (package.json, CSS), and performs web searches.
  * Boundary markers: There are no explicit delimiters or 'ignore embedded instruction' warnings in the worker spawn templates defined in SKILL.md or the monitor command.
  * Capability inventory: The developer role can use Edit and Write tools on source code, and the coordinator can execute Bash commands.
  * Sanitization: No sanitization of external or intermediate data is specified before it is passed to subsequent agent phases.
- [COMMAND_EXECUTION]: The coordinator role uses the Bash tool to perform local filesystem operations, such as creating session directory structures in roles/coordinator/role.md.
- [EXTERNAL_DOWNLOADS]: The skill identifies a dependency on an external plugin ui-ux-pro-max-skill, providing installation commands and referencing it via local absolute search paths in specs/team-config.json.
Audit Metadata