team-assemble

Warn

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill passes mode: "bypassPermissions" when calling the Task tool in SKILL.md. This bypasses the standard security gates and permission prompts for sub-agents, granting them elevated autonomy that can be exploited if they receive malicious instructions.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its agent-to-agent data flow.
    • Ingestion points: Results from earlier tasks (e.g., {result_1} in SKILL.md and {architect_result} in references/prompt-templates.md) are directly interpolated into the prompts for subsequent agents.
    • Boundary markers: The templates do not use any delimiters (such as triple quotes or XML tags) or safety instructions to distinguish the system's instructions from the untrusted data being processed.
    • Capability inventory: Sub-agents can execute code, modify files, and update task statuses via the Task and TaskUpdate tools, often under the bypassPermissions flag.
    • Sanitization: There is no evidence of sanitization, filtering, or validation of the content produced by one agent before it is used to direct the behavior of the next agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 25, 2026, 02:38 AM