teamwork
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified within the multi-agent coordination and reporting workflow. This vulnerability allows content from one participating model to potentially influence the host agent's instructions.
  - Ingestion points: Model performance comments in score-manager.js, relayed inter-model messages in herald.js, and task descriptions in team-coordinator.js.
  - Boundary markers: The system lacks explicit delimiters or "ignore embedded instructions" warnings when processing or relaying messages between models.
  - Capability inventory: The skill can create directories and write files (e.g., reports, configurations) to the local workspace via scripts/init.js and utils/template-renderer.js.
  - Sanitization: No prompt-specific escaping or validation is performed on model-generated content before it is interpolated into templates or relayed to the host model.
- [DATA_EXFILTRATION]: The skill manages AI provider credentials by requesting API keys from the user and storing them in local configuration files (.trae/config/providers.json). While no network exfiltration or unauthorized access to external sensitive files (such as SSH keys) was detected, the storage of credentials in plain-text JSON files is a notable behavior.