subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection by design.
  - Ingestion points: The workflow in `SKILL.md` reads implementation plans (e.g., `docs/plans/feature-plan.md`) and interpolates task descriptions directly into subagent prompts. Additionally, the `spec-reviewer-prompt.md` ingests 'implementer reports' which are produced by a previous subagent step.
  - Boundary markers: The prompt templates in `implementer-prompt.md` and `spec-reviewer-prompt.md` lack delimiters or explicit instructions to ignore potentially malicious commands embedded within the interpolated task text or reports.
  - Capability inventory: Subagents are expected to perform high-privilege operations including writing code, executing tests (TDD), and committing changes. The skill also integrates with `superpowers:finishing-a-development-branch`, which likely handles merging and branch finalization.
  - Sanitization: No validation or sanitization of the input plan text is performed before it is processed as instructions for the subagents.
Audit Metadata