team-load
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external configuration data from YAML files located in the .team-profiles/ directory. This creates a surface for indirect prompt injection where a maliciously crafted file could define agent prompts or task instructions.
  - Ingestion points: Reads configuration from the .team-profiles/ folder in the current working directory.
  - Boundary markers: No explicit delimiter or instruction to ignore embedded directives is used when interpolating file content into agent prompts.
  - Capability inventory: The skill utilizes TeamCreate, Agent (with bypassPermissions mode), TaskCreate, and TaskUpdate to instantiate the team environment.
  - Sanitization: No sanitization or structural validation is performed on the prompt content loaded from snapshots beyond simple placeholder replacement for paths and project names.