team-quality-assurance
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the codebase being analyzed. Malicious instructions hidden in source code comments or documentation could influence the behavior of the scout, generator, or strategist roles.
  - Ingestion points: Codebase content is ingested in roles/scout/role.md and roles/generator/role.md.
  - Boundary markers: The prompts use headers but lack explicit escaping or instructions to ignore embedded commands in the processed files.
  - Capability inventory: The agents have access to Bash, Write, Edit, and sub-agent spawning capabilities.
  - Sanitization: No explicit sanitization or filtering of codebase content is performed before processing.
- [COMMAND_EXECUTION]: The executor role (roles/executor/role.md) executes test suites using tools like npm, vitest, and pytest. This allows the execution of code defined in the project's test files and package scripts, which could be abused if an attacker can modify those files or if the generator is tricked into creating malicious tests.
Audit Metadata