subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill architecture is susceptible to indirect prompt injection through the processing of implementation plans. Task descriptions from these external files are interpolated directly into the instructions for implementer and reviewer subagents.
  - Ingestion points: Task descriptions are extracted in `SKILL.md` and passed into templates in `implementer-prompt.md` and `spec-reviewer-prompt.md`.
  - Boundary markers: The prompts use markdown headers (e.g., `## Task Description`) to separate untrusted content, which provides minimal protection against adversarial input.
  - Capability inventory: Dispatched subagents have the ability to write files, execute code (tests), and perform git commits.
  - Sanitization: No sanitization or validation of the task text is performed before it is included in the subagent prompt.
- [COMMAND_EXECUTION]: The skill requires the execution of shell commands to fulfill its primary purpose. Specifically, implementer agents are instructed to run test suites and perform git commits within the user's workspace.
Audit Metadata