agent-teams
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a multi-agent orchestration pattern where subagents ingest and process untrusted external data, creating an attack surface for indirect prompt injection.
  - Ingestion points: Teammates defined in 'research-team-prompt.md' use 'WebSearch' and 'GitHub CLI' to retrieve third-party information; 'review-team-prompt.md' and other templates involve subagents reading arbitrary project source files.
  - Boundary markers: The prompt templates for initializing subagents do not include explicit delimiters or instructions to ignore embedded commands within the fetched data.
  - Capability inventory: Subagents are granted capabilities for file system access (read/write based on ownership), web searching, and triggering additional tasks or messages to the lead agent.
  - Sanitization: There is no explicit sanitization, filtering, or validation logic provided to check external content before it is incorporated into the agent's operational context.