team-ultra-analyze
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'Bash' tool to execute 'ccw cli' commands for its core analysis tasks, including codebase exploration, pattern detection, and generating multi-perspective insights.
- [COMMAND_EXECUTION]: Orchestration logic dynamically constructs sub-agent prompts and CLI commands by interpolating variables such as analysis topics, perspectives, and user feedback, which are then executed within the workflow.
- [PROMPT_INJECTION]: The skill is exposed to potential indirect prompt injection as it ingests and processes untrusted data from the codebases it analyzes. Evidence: (1) Ingestion points: The 'explorer' role reads codebase data via 'ccw cli' and 'mcp__ace-tool__search_context', while the 'analyst' role reads these results. (2) Boundary markers: Prompt templates use structured headers such as PURPOSE, TASK, and CONTEXT to separate instructions from data. (3) Capability inventory: Sub-agents have access to 'Bash', sub-agent spawning via 'Agent', and file system operations. (4) Sanitization: There is no explicit sanitization of codebase content before it is interpolated into analysis prompts.
Audit Metadata