neo-team-claude
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains explicit instructions to override standard security evaluation logic. In `references/security.md` and `references/code-reviewer.md`, agents are directed to disregard findings related to missing authentication or authorization guards, which could lead to the oversight of critical security flaws.
- [DATA_EXFILTRATION]: The system analysis component is configured to access and process sensitive environment files, which typically contain production credentials and secrets.
  - Evidence: `references/system-analyzer.md` specifies reading `.env.local`, `.env.sit`, `.env.uat`, and `.env.prod`. `references/system-analyzer-cli-tools.md` includes commands to export variables from these files for database access.
- [COMMAND_EXECUTION]: The skill makes extensive use of the `Bash` tool to execute high-privilege system commands for infrastructure management and database interaction.
  - Evidence: `references/system-analyzer-cli-tools.md` provides templates for `kubectl`, `psql`, `argocd`, and `docker` commands.
- [PROMPT_INJECTION]: The orchestration logic in `SKILL.md` creates an indirect prompt injection surface by interpolating the contents of project files and previous agent outputs directly into the prompts of specialists with shell access.
  - Ingestion points: `CLAUDE.md`, `AGENTS.md`, and `.env` files.
  - Boundary markers: Lacks robust 'ignore instructions' warnings or escaping for interpolated content.
  - Capability inventory: Specialist agents have access to `Bash`, `Edit`, and `Write` tools.
  - Sanitization: No sanitization or validation of external project data is performed before prompt interpolation.
Audit Metadata