team-review

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run standard developer utilities such as tsc, eslint, semgrep, and pytest for code analysis and verification. These actions are within the scope of a code review tool.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) due to its multi-stage data processing pipeline.
      • Ingestion points: Source code is ingested by scanner.md, and scan results/reports are processed by reviewer.md and fixer.md.
      • Boundary markers: Prompts constructed for background agents in roles/coordinator/commands/monitor.md and role-specs/fixer.md do not include explicit delimiters or instructions to ignore embedded commands in the ingested data.
      • Capability inventory: The pipeline can modify source code via the Edit tool (in fixer.md), run shell commands via Bash (in scanner.md and fixer.md), and spawn new agents via the Agent tool (in monitor.md).
      • Sanitization: No input validation or sanitization is performed for code content or tool findings before they are interpolated into agent prompts.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 8, 2026, 04:10 PM