Electrobun Teams
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a sequential multi-agent pipeline where the output of the 'ui-agent' (the RPC contract) is directly interpolated into the prompt of the 'backend-agent'. This creates a surface for indirect prompt injection if the first agent is manipulated or produces malicious instructions in its output.
  - Ingestion points: The orchestrator passes the handoff document into the Agent tool prompt for the backend agent.
  - Boundary markers: The documentation suggests a Markdown structure for the handoff but lacks explicit delimiters (e.g., XML tags or triple quotes) or 'ignore' instructions to prevent the second agent from obeying commands embedded in the contract.
  - Capability inventory: Agents have the capability to write and modify source files (src/) and platform configuration (electrobun.config.ts).
  - Sanitization: There is no evidence of sanitization or validation of the handoff content before it is processed by the second agent.
Audit Metadata