team-composition-patterns
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines task templates in 'references/preset-teams.md' that interpolate external variables like {target}, {hypothesis summary}, and {work stream name} directly into prompts for sub-agents. This creates a surface for indirect prompt injection where malicious content in the processed data could influence agent behavior.
- Ingestion points: Task templates in 'references/preset-teams.md'.
- Boundary markers: Absent; variables are interpolated into the prompt text without isolation delimiters or "ignore instructions" warnings.
- Capability inventory: The agents being configured (e.g., 'general-purpose', 'team-lead') have access to powerful tools including 'Bash', 'Read', 'Write', and 'Edit'.
- Sanitization: No evidence of sanitization, escaping, or validation of the interpolated content is provided.
Audit Metadata