workflow
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill is primarily designed to automate workflows by executing various subcommands of the agent-team CLI. These commands include worker management (create, open, assign, status, merge) and workflow orchestration (create, validate, state update). All commands appear to be standard tool operations for the intended environment.
- [PROMPT_INJECTION]: The skill acts as a controller that processes feedback from workers and interprets content from local YAML workflow templates. This creates a surface for indirect prompt injection where instructions could potentially be embedded in external data inputs.
  - Ingestion points: Worker responses captured via agent-team worker status and agent-team reply, as well as user-created workflow templates and state files in .agents/workflow/.
  - Boundary markers: No explicit boundary markers or "ignore instructions" delimiters are defined in the orchestration logic. The skill relies on structural YAML validation via agent-team workflow validate.
  - Capability inventory: Extensive command execution capabilities via the agent-team CLI, including the ability to assign tasks to other workers and merge code changes.
  - Sanitization: No specific sanitization or escaping of worker-provided output or YAML content is mentioned before it is processed by the controller.
Audit Metadata