team-save
Warn
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads from the
~/.claude/teams/directory to retrieve agent configurations and prompts. Accessing these system-level directories can expose sensitive operational data and agent instructions. - [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute
mkdir -pandmvcommands. These commands incorporate variables like{save_name}which are derived from user input or arguments. Without proper validation, these inputs could be manipulated to execute unintended shell commands. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection and path traversal because it uses unsanitized user arguments to construct file paths for both reading configurations and writing snapshots.
- Ingestion points: Arguments passed to the skill ($ARGUMENTS) and user input from the AskUserQuestion tool.
- Boundary markers: There are no markers or validation steps to ensure that provided names do not escape the intended directory structure.
- Capability inventory: File system access via Bash (mkdir, mv), Write, and Edit tools.
- Sanitization: The skill does not perform any escaping or validation on user-provided strings before using them in file paths or commands.
Audit Metadata