team-stack
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements an indirect prompt injection surface because it processes untrusted task descriptions and codebase content to generate instructions for sub-agents. However, this is properly mitigated by the architecture.
  - Ingestion points: Task descriptions and codebase files (via Read, Grep, Glob, Bash) in SKILL.md.
  - Boundary markers: Instructions require sub-agent prompts to be structured with "Definition of Ready" and "Definition of Done" sections to delimit inputs and outputs.
  - Capability inventory: Agent (spawning agents), TeamCreate, TaskCreate, and restricted Bash (git commands).
  - Sanitization: The skill explicitly requires user confirmation via AskUserQuestion (Phase 3) before creating the team or spawning agents (Phase 4).
- [SAFE]: The skill uses dynamic execution patterns by generating prompts for sub-agents at runtime. This behavior is expected for an orchestration skill and uses structured templates to maintain consistency.
- [SAFE]: Tool access is well-scoped; for instance, the Bash tool is restricted to specific, non-destructive git operations.
Audit Metadata