agent-teams
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill configuration manages automated environment setup via
worktree-init.cjsand executes testing suites using specialized sub-agents. These actions are performed within isolated worktrees as part of the intended development workflow.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it relies on external data inplan.mdto coordinate sub-agent activities.\n - Ingestion points:
plan.md(orchestration source).\n - Boundary markers: No explicit delimiter or instruction-ignore markers are defined in the configuration.\n
- Capability inventory: Sub-agents like
builder,validator, ande2e-runnerhave filesystem access and command execution permissions within their worktree environments.\n - Sanitization: The architecture implements verification through
validatorandsecurity-auditoragents, which acts as a downstream check but does not sanitize the initial input.
Audit Metadata