team
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill manages an indirect prompt injection surface by processing user-provided tasks and codebase context to drive sub-agent actions. It implements a robust 'Worker Preamble' with explicit 'RULES' that forbid workers from spawning sub-agents or using orchestration commands.
- Ingestion points: User-provided task descriptions and codebase metadata from the 'explore' agent.
- Boundary markers: Detailed preamble instructions establishing the worker's restricted role.
- Capability inventory: File system access, shell execution (Bash), and agent spawning (Task).
- Sanitization: Implements name sanitization for git branches and uses structured prompt templates.
- [EXTERNAL_DOWNLOADS]: The documentation identifies optional dependencies for specialized workers, including @openai/codex and @google/gemini-cli. These originate from well-known technology providers.
- [COMMAND_EXECUTION]: Employs standard system utilities including 'tmux' for process management and 'git worktree' for environment isolation. It also utilizes an internal maintenance script ('cleanup-orphans.mjs') for resource cleanup.
Audit Metadata