create-team

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill leverages the Bash tool to perform local file operations and automation. Specifically, it uses grep to verify agent IDs in agents/_registry.yml, cp to initialize new team files from templates, and npm run update-readmes to regenerate documentation via a local task runner.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by design.
      • Ingestion points: User-provided inputs for 'Team purpose', 'role', and 'responsibilities' are collected in Steps 1, 3, and 6.
      • Boundary markers: The skill does not explicitly define delimiters (e.g., XML tags or triple quotes) to wrap user-provided prose when writing to the destination markdown files.
      • Capability inventory: The skill possesses Write, Edit, and Bash capabilities, allowing it to modify registry files and create executable agent configurations.
      • Sanitization: There is no evidence of input validation or escaping for user-provided text before it is interpolated into the team definition files.
  • [EXTERNAL_DOWNLOADS]: The procedure recommends running npm install to ensure the js-yaml dependency is available. While this involves downloading from the well-known NPM registry, it is a standard practice for maintaining the skill's supporting scripts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 10:51 PM