team-lifecycle
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection.
  - Ingestion points: The 'analyst' role reads files based on user input, and the 'planner' role explores the entire codebase using semantic search and pattern analysis.
  - Boundary markers: The skill relies on structured templates (e.g., 'product-brief.md', 'requirements-prd.md') and specific CLI tool modes to maintain structure, but lacks explicit instructions to ignore embedded commands within the ingested data.
  - Capability inventory: The agent has capabilities including file modification ('Edit', 'Write'), command execution ('Bash'), and the ability to spawn further agents ('Agent') and tasks ('TaskCreate').
  - Sanitization: Validation is performed via 'reviewer' and 'fe-qa' roles using weighted scoring dimensions and quality gates, which provides mitigation against malformed or malicious outputs.
- [COMMAND_EXECUTION]: The 'tester' and 'executor' roles dynamically invoke shell commands like 'vitest', 'pytest', and 'tsc' based on the presence of configuration files like 'package.json' or 'pyproject.toml'. While these are standard development tools, the execution environment is dependent on the contents of the processed repository, which could be manipulated to include malicious test scripts.
Audit Metadata