team-stop
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
lsto list active teams in~/.claude/teams/andrm -rfto delete specific team directories during cleanup. These operations are intended and necessary for the core functionality of the skill. - [PROMPT_INJECTION]: The skill ingests team and member names from the local file system and configuration files to perform actions like deletion and messaging. While these values are used in file paths and commands, the skill incorporates a verification step (checking for the existence of
config.json) which serves as a basic validation of the target path. - Ingestion points: Team names are derived from directory listings in
~/.claude/teams/or provided via arguments; member names are read fromconfig.json(SKILL.md). - Boundary markers: None present.
- Capability inventory: File system operations (
ls,mkdir,rm -rf), messaging (SendMessage), and resource management (TeamDelete) (SKILL.md). - Sanitization: The skill verifies the existence of a configuration file before deletion, but does not implement explicit input sanitization for path traversal on the team name variable.
Audit Metadata