team-cli
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the `bash` tool to interact with the `alex` binary. It supports both a pre-installed binary and running directly from source using `go run ./cmd/alex`. These commands manage team execution, status tracking, and tmux-based terminal interactions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it accepts arbitrary strings for flags like `--goal`, `--prompt`, and `--message` and interpolates them directly into bash commands. This could allow maliciously crafted input from external data sources to influence the team's execution logic.
- [PROMPT_INJECTION] Evidence Chain:
  - Ingestion points: Untrusted strings are ingested via the `--goal`, `--prompt`, and `--message` flags in SKILL.md.
  - Boundary markers: No boundary markers or delimiters are used to wrap the interpolated inputs.
  - Capability inventory: The skill uses the `bash` tool to perform command execution.
  - Sanitization: No input validation or sanitization routines are defined in the skill for these parameters.
Audit Metadata