subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a session-local workflow using subagents for codebase tasks. No instances of hardcoded credentials, malicious obfuscation, privilege escalation, or unauthorized network activity were found. All process steps are localized to the current session.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes external plan files and reports.
  1. Ingestion points: The skill reads implementation plans (e.g., docs/plans/feature-plan.md) and implementer reports to generate prompts in implementer-prompt.md and spec-reviewer-prompt.md.
  2. Boundary markers: The prompts utilize structured markdown headers (e.g., ## Task Description, ## What Was Requested) to delineate external data from instructions.
  3. Capability inventory: The subagents are granted capabilities through delegate_to_agent(codebase_investigator), which includes file system modification and git operations.
  4. Sanitization: The skill does not explicitly sanitize or filter the content of the plan files or implementer reports before they are interpolated into the subagent prompts.