Skills
skills/witooh/skills/neo-team/Gen Agent Trust Hub

neo-team

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it treats project-level documentation as an authoritative source of instructions for high-privilege agents.\n
  • Ingestion points: The orchestrator in SKILL.md reads project context from CLAUDE.md, AGENTS.md, and CONTRIBUTING.md to define behavior for the specialist agents.\n
  • Boundary markers: Although the orchestration prompt uses headers (e.g., ## Project Conventions) and delimiters (---), it lacks explicit instructions for sub-agents to ignore potentially malicious or overriding directives embedded within these files.\n
  • Capability inventory: The system delegates tasks to agents with Bash, Edit, and Write capabilities (see references/developer.md and references/devops.md), which could be abused if the agents are successfully injected by malicious content in project files.\n
  • Sanitization: The skill performs no sanitization or filtering of the content extracted from the project documentation files before interpolating it into the sub-agent system prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 08:10 AM