subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it interpolates external task descriptions directly into subagent prompts without sufficient isolation. Evidence:
  1. Ingestion points: The implementer-prompt.md and spec-reviewer-prompt.md files include placeholders for full task text from implementation plans.
  2. Boundary markers: Absent; task descriptions are pasted directly into the instruction flow without delimiters or instructions to ignore embedded commands.
  3. Capability inventory: Subagents are granted capabilities to write code, execute tests (shell commands), and commit to git.
  4. Sanitization: Absent; the skill does not include steps to sanitize or validate the content of the interpolated plan text.
- COMMAND_EXECUTION (SAFE): The skill orchestrates command execution such as git operations and test running, which are necessary for its primary purpose as a software development tool.
Audit Metadata