analyze-team-session
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches official agent teams best practices and token cost guidelines from code.claude.com using the WebFetch tool.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted markdown session exports. • Ingestion points: Reads the full markdown session export file in Step 1. • Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the transcript are provided. • Capability inventory: The skill has the ability to perform network requests via WebFetch and write files to the local .claude/output/ directory. • Sanitization: No specific sanitization or validation of the session transcript content is performed before the analysis is generated.
Audit Metadata