Subagent-Driven Development
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill manages an attack surface where untrusted data (such as system requirements, specifications, or code feedback) is ingested via the input_data field in the Task dataclass found in reference/task-management.md and SKILL.md.
  - Ingestion points: Untrusted external data enters the agent context through the input_data and metadata fields of the Task objects.
  - Boundary markers: There are no explicit boundary markers or delimiters shown in the provided examples to isolate untrusted data from agent instructions.
  - Capability inventory: The orchestrator manages agents with capabilities for code implementation, architecture design, and security reviews as defined in reference/agent-taxonomy.md.
  - Sanitization: No explicit sanitization or validation logic for external content is included in the task processing logic.
- [DATA_EXFILTRATION]: No patterns of sensitive data harvesting or unauthorized network transmission were detected. The workflow orchestration is entirely logical and structural.
- [COMMAND_EXECUTION]: The skill focuses on workflow management and coordination using Python objects and does not utilize dangerous shell commands or system-level calls.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute scripts from remote sources. All logic is contained within the provided reference files.
Audit Metadata