team-lead
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: In SKILL.md, the skill is susceptible to indirect prompt injection because it processes user-provided task descriptions to orchestrate and instruct sub-agents.
- Ingestion points: The 'Analyze' and 'Create team' steps in the workflow ingest user-provided task descriptions to define sub-agent roles and specific task items.
- Boundary markers: No explicit boundary markers or instructions are provided to isolate user-provided task content or warn agents to disregard embedded instructions when spawning or messaging sub-agents.
- Capability inventory: The skill leverages powerful tools like TeamCreate, TaskCreate, and Agent to spawn and coordinate sub-agents. These agents (e.g., 'backend', 'fixer') typically possess broad capabilities, including file system modification and shell command execution.
- Sanitization: The instructions lack procedures for sanitizing, escaping, or validating user input before it is used to parameterize the creation and coordination of the multi-agent team.
Audit Metadata