team
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill manages team lifecycles by executing internal Node.js scripts for cleanup and utilizing shell commands for background process monitoring and Git worktree management.
- [EXTERNAL_DOWNLOADS]: Recommends the use of CLI tools from trusted organizations, specifically OpenAI and Google, to enhance the capabilities of autonomous worker agents.
- [PROMPT_INJECTION]: The orchestration logic presents an attack surface for indirect prompt injection by interpolating user-defined task descriptions into sub-agent prompts.
  - Ingestion points: User task descriptions provided to the /team command.
  - Boundary markers: The skill uses structured preambles and work protocols to define roles, though it does not explicitly encapsulate the user-provided task data in strict delimiters.
  - Capability inventory: Spawned worker agents have significant privileges, including filesystem modification and shell access.
  - Sanitization: There is no documented validation or escaping of the user-provided task description before it is distributed to worker agents.
Audit Metadata