team-agents
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted user input via the task description and interpolates it into the system prompts for spawned subagents.
  - Ingestion points: User-provided task descriptions are captured via the command arguments and passed into the agent templates in SKILL.md.
  - Boundary markers: The prompt templates for subagents do not include boundary markers or delimiters to isolate the untrusted task description from the agent's instructions.
  - Capability inventory: The skill explicitly allows subagents to run shell commands and read files, which increases the potential impact of an injection attack.
  - Sanitization: The skill does not perform any validation, filtering, or escaping of the user input before it is used to construct subagent prompts.
Audit Metadata