agent-teams
Audited by Socket on Feb 20, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This skill specification is functionally coherent with its stated purpose (coordinating agent teams) but contains multiple high-risk operational features: broad tool permissions for teammates, inherited dangerous flags, hooks that execute arbitrary commands, and ambiguous message transport. There is no clear evidence of intentional malicious code in the document itself, but the described capabilities permit powerful local actions (file edits, shell commands) and could be abused for credential access or data exfiltration, especially given the ambiguous message delivery channel and persisted plaintext state under ~/.claude. Recommend treating this as suspicious until the implementation confirms that messaging is local-only, hooks are sandboxed/permissioned, and persisted data is protected; privilege minimization (least privilege for teammates) and explicit, auditable messaging transport should be required.

LLM verification: This file is a benign design/usage document describing Agent Teams and inter-agent coordination; it contains no executable code or direct indicators of malware. The principal security risk is the runtime implementation: spawning 'general-purpose' teammates with Edit/Bash/Task access and a TeamDelete operation can enable data exposure, code modification, or destructive actions if not controlled. Recommendations: enforce least-privilege defaults (narrow tool scopes per teammate), require explicit