team-load
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from local YAML configuration files and uses it to construct agent prompts.
  - Ingestion points: The skill reads configuration from `.team-profiles/{name}.yaml` and role definitions from `~/.claude/skills/team-init/references/`.
  - Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are used when interpolating configuration data into agent prompts.
  - Capability inventory: The skill can create teams, spawn multiple agents with high privileges, create tasks, and read files.
  - Sanitization: No sanitization or validation of the prompt content within the YAML files (specifically the `snapshot` format) is performed before being passed to sub-agents.
- [COMMAND_EXECUTION]: The skill creates agents using the `mode: "bypassPermissions"` flag. This allows the created agents to execute tools and commands without the standard user confirmation prompts, significantly increasing the impact if a malicious configuration file is loaded.
- [DATA_EXFILTRATION]: While no direct network exfiltration was detected, the skill reads sensitive local configuration data and project context. If the loaded configuration directs agents to send this data externally, the high-privilege state of the agents would facilitate this behavior.