subagent-teams
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious instructions, jailbreak attempts, or system prompt extraction patterns were found. The provided templates encourage structured task execution with explicit constraints (e.g., 'Do NOT modify any files. Research only.').
- [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets, API keys, or attempts to access sensitive system paths (like ~/.ssh or ~/.aws) were detected. The tools used are standard for development environments.
- [Indirect Prompt Injection] (SAFE): The skill possesses a data ingestion surface through WebFetch and WebSearch tools, but it is not classified as a vulnerability here because the orchestration logic is focused on internal codebase management and includes instructions that limit the scope of subagent actions.
  - Ingestion points: WebFetch, WebSearch tools (reference/task-tool-guide.md).
  - Boundary markers: Templates use clear role-based instructions to delimit tasks.
  - Capability inventory: Edit, Write, and NotebookEdit tools are available to general-purpose agents for implementation tasks.
  - Sanitization: Not explicitly mentioned, but the 'Review Team' pattern is designed to provide human-in-the-loop style validation of changes.
- [External Downloads] (SAFE): The skill depends on other logical agent skills ('extension-authoring-skill', 'agent-teams-skill') but does not perform any unauthorized remote script execution or third-party package installations.