subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: No security issues detected. The skill implements a robust development process with built-in verification steps and explicit instructions for reviewers to maintain skepticism and verify code independently.
- [PROMPT_INJECTION]: The skill processes task descriptions from implementation plans. While this represents a surface for indirect prompt injection (Category 8), it is effectively managed through a mandatory multi-stage review process that requires independent verification of code changes.
  - Ingestion points: Implementation plans and task descriptions are read into the agent context in SKILL.md and implementer-prompt.md.
  - Boundary markers: Input data is clearly delimited using markdown section headers such as ## Task Description and ## What Was Requested.
  - Capability inventory: The implementer-prompt.md template allows sub-agents to perform file modifications and run tests.
  - Sanitization: The workflow incorporates a specialized spec-reviewer-prompt.md designed to verify output independently, explicitly instructing the reviewer not to trust the report of the implementer and to verify work by reading the actual code.
Audit Metadata