skills/shhac/skills/team-solve/Gen Agent Trust Hub

team-solve

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by incorporating user-provided descriptions into the instructions for investigator and validator agents.
      • Ingestion points: User input parsed in Phase 1 (Problem Decomposition) is used to define task descriptions for sub-agents in Phase 2 and Phase 5.
      • Boundary markers: Absent. User content is interpolated into agent prompts without delimiters or instructions to ignore embedded commands.
      • Capability inventory: Sub-agents have access to the Task tool to spawn further agents and can execute shell commands for research and testing.
      • Sanitization: No explicit sanitization or escaping of external content is performed before interpolation.
  • [COMMAND_EXECUTION]: The skill executes local shell commands to manage the investigation and implementation process.
      • Evidence: Usage of git status and git diff to track changes, mktemp for temporary storage of diffs, and dynamic execution of the project's own test, lint, and typecheck tooling discovered at runtime.
      • Context: These operations are consistent with the skill's primary purpose of investigating and solving codebase problems.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 06:35 PM