team-driven
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill architecture creates a multi-step communication chain where agents ingest and act upon data from other agents, representing a surface for indirect prompt injection.
- Ingestion points: Implementer agents receive task instructions from the lead agent via SendMessage, and the Reviewer agent receives implementation reports from the implementers (as specified in implementer-teammate-prompt.md and reviewer-teammate-prompt.md).
- Boundary markers: The prompt templates do not define explicit delimiters or 'ignore' instructions to isolate message content from the agents' core instructions.
- Capability inventory: Subagents are spawned with general-purpose capabilities, which typically include file system access and tool execution.
- Sanitization: No mechanisms for sanitizing or validating the content of inter-agent messages are described in the skill.
Audit Metadata