team-perf-opt
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill frequently utilizes the `Bash` tool across multiple roles. The coordinator uses it for session directory setup, while the profiler and benchmarker roles use it to execute project-specific diagnostic and benchmarking tools (e.g., `cargo bench`, `go test -bench`, or manual timed executions). The optimizer role additionally employs a CLI tool via `Bash` to implement code changes.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it ingests and processes untrusted data from the local project environment.
  - Ingestion points: Roles such as the profiler and optimizer read source code, configuration files (e.g., `package.json`, `Cargo.toml`), and performance reports as specified in `role-specs/profiler.md` and `role-specs/optimizer.md`.
  - Boundary markers: The `roles/coordinator/commands/dispatch.md` file defines structured Markdown templates that use headers (PURPOSE, TASK, CONTEXT) and `---` delimiters to separate instructions from external data.
  - Capability inventory: The agents possess capabilities to execute shell commands (`Bash`), modify the filesystem (`Write`, `Edit`), and spawn further sub-agents (`Agent`), which could be exploited if an injection occurs.
  - Sanitization: No explicit logic is provided to sanitize or validate the content of files read from the project before they are included in the prompts for the worker agents.
Audit Metadata