crewai

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill uses Python and YAML templates that interpolate user-provided data (e.g., '{topic}') directly into agent goals and task descriptions. This creates a surface for indirect prompt injection if the source data is untrusted.
  • Ingestion points: Variables interpolated into 'config/agents.yaml' and 'config/tasks.yaml'.
  • Boundary markers: Absent; there are no clear delimiters or instructions to ignore embedded commands within the input variables.
  • Capability inventory: The code examples include integration with 'SerperDevTool' and 'WebsiteSearchTool', which allow agents to fetch and process data from the web.
  • Sanitization: No input validation or escaping logic is demonstrated in the provided code snippets.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 04:57 PM