team-implement

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates dynamic data into sub-agent instructions.
      • Ingestion points: The variables {feature}, {module}, and {task list} are interpolated into the system prompts for the 'Implementer' and 'Tester' agents in SKILL.md.
      • Boundary markers: The skill does not use delimiters (such as XML tags or markdown blocks) to isolate untrusted task descriptions from the core agent instructions.
      • Capability inventory: Sub-agents are granted file-write access and the ability to execute terminal commands (e.g., ruff).
      • Sanitization: No logic is present to sanitize or escape the content of the task lists before they are added to the prompt templates.
  • [COMMAND_EXECUTION]: The skill executes local command-line tools for quality assurance and integration.
      • Evidence: Step 4 in SKILL.md invokes uv run ruff, uv run pytest, uv run ty, and poe all.
      • Description: These are standard developer tools for linting, testing, and task automation. Their use is consistent with the skill's purpose of managing a codebase implementation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 08:50 PM