mixseek-team-config
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes a validation command using `uv run` where the file path contains a user-controlled `<team-id>`.
  - Evidence: The command `uv run python skills/mixseek-config-validate/scripts/validate-config.py $MIXSEEK_WORKSPACE/configs/agents/team-<team-id>.toml --type team` in SKILL.md (Step 5) is susceptible to shell injection if `<team-id>` contains characters like `;`, `&`, or `|`.
- [PROMPT_INJECTION] (HIGH): The skill acts as a configuration generator that interpolates untrusted user input directly into the `system_instruction` field of a `team.toml` file.
  - Ingestion points: Step 1 captures 'チームの目的' (Team purpose) and 'Member Agent' roles from the user.
  - Boundary markers: None. The instructions are placed directly into the TOML block without escaping or delimiters.
  - Capability inventory: The generated agents are explicitly intended to use `code_execution`, `web_search`, and `web_fetch` (Category 8 capability tier: HIGH).
  - Sanitization: No mention of input sanitization or validation of the text content before embedding it into the sub-agent instructions.
- [REMOTE_CODE_EXECUTION] (MEDIUM): While the validation script is referenced locally, the skill relies on the presence and integrity of a script in another skill's directory (`skills/mixseek-config-validate/scripts/validate-config.py`). If that path is writable or points to an untrusted source, it facilitates RCE.
Recommendations
- AI detected serious security threats
Audit Metadata