team-save
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to manage the local filesystem. Specifically, it executes 'mkdir -p' to ensure the storage directory exists and 'mv' to rename existing configuration files to '.bak' for backup purposes. These commands are used according to best practices for a backup utility.\n- [DATA_EXFILTRATION]: The skill accesses the '~/.claude/teams/' directory to read team configurations and agent prompts. While this involves reading internal application data, it is the primary intended function of the skill and no external network transmission occurs.\n- [PROMPT_INJECTION]: The skill processes existing agent prompts which may contain embedded instructions. Although it does not execute these prompts, it serves as a mechanism for transferring them into persistent files.\n
- Ingestion points: Reads prompts from config.json files in the '~/.claude/teams/' directory.\n
- Boundary markers: Prompt content is stored using YAML block scalars ('|') to maintain structural integrity.\n
- Capability inventory: The skill has permissions to write and edit files and execute limited shell commands.\n
- Sanitization: No content filtering is applied to the prompts being saved, as the skill is intended to create faithful backups.
Audit Metadata