agent-teams
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Command Execution] (MEDIUM): The skill documentation encourages users to enable high-risk configurations. Specifically, it suggests using the '--dangerously-skip-permissions' flag for the lead agent, which is then inherited by all spawned teammates. This allows the agents to execute code and modify the filesystem without user approval.
- [External Downloads] (LOW): The setup guide in 'references/configuration.md' directs users to download and install third-party tools such as 'it2' from a specific GitHub repository and 'tmux' via system package managers using 'sudo'.
- [Indirect Prompt Injection] (LOW): The skill's primary use case involves processing untrusted external data (e.g., PR reviews, bug reports), which could contain malicious instructions for the agent team.
  - Ingestion points: Lead agent ingests GitHub PR data and user-provided problem descriptions (e.g., 'review PR #142').
  - Boundary markers: Absent; prompt templates do not include delimiters or instructions to ignore embedded commands in the data.
  - Capability inventory: Teammates possess full 'Claude Code' capabilities, including filesystem access, tool execution, and code refactoring.
  - Sanitization: No evidence of input sanitization or validation of the ingested external content.