teams-orchestrate

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses jq and shell redirection to modify the agent's internal configuration file (.claude/settings.local.json). This alters the execution environment by enabling experimental features automatically without explicit user intervention beyond the initial skill invocation.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by ingesting data from tasks.md and spec.md to drive its orchestration logic.
      • Ingestion points: The skill reads tasks.md to analyze dependencies and spec.md to provide context for sub-agents.
      • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the ingested files.
      • Capability inventory: The skill possesses the ability to execute shell commands (jq), spawn multiple sub-agents, and perform git operations (worktree management).
      • Sanitization: No sanitization or validation is performed on the content of the markdown files before they are parsed or interpolated into sub-agent prompts.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 30, 2026, 05:51 PM