team
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external task descriptions and local state files to coordinate workers, creating an indirect prompt injection attack surface.\n
- Ingestion points: Reads task descriptions, mailbox JSON files, and team state files located in
.omx/state/team/.\n - Boundary markers: Does not implement explicit delimiters or isolation instructions to protect agent workers from potentially malicious instructions embedded in the shared state or task lists.\n
- Capability inventory: The skill allows for broad command execution via
tmux send-keys,git, and theomxCLI.\n - Sanitization: Content sanitization is restricted to the team name, with no documented escaping for task payloads or inter-agent messages.\n- [COMMAND_EXECUTION]: The skill relies on executing local system commands (
tmux,git,omx) to manage agent panes, session lifecycles, and repository state. It dynamically assembles instructions and sends them to worker panes viatmux send-keys.
Audit Metadata