ensemble-team
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's setup instructions in Phase 6 direct the user to grant high-privilege permissions, including Bash and file editing, to sub-agents acting as Drivers. While necessary for software development, these represent a significant capability surface.
- [EXTERNAL_DOWNLOADS]: In Phase 2, the skill uses WebSearch to gather information on experts and their philosophies. This process ingests untrusted external content into the agent's context to generate persona profiles.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where untrusted data from research or project files could influence the behavior of agents with significant system access.
  1. Ingestion points: WebSearch results (Phase 2) and project configuration files (PROJECT.md).
  2. Boundary markers: Absent. The skill lacks structural delimiters or safety instructions to isolate the researched content.
  3. Capability inventory: Driver agents have full shell access and file editing capabilities (SKILL.md).
  4. Sanitization: No explicit validation or sanitization of search results is defined before the data is used in sub-agent prompts.
Audit Metadata