create-subagent

Fail

Audited by Socket on Feb 27, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

The document is a legitimate, comprehensive guide for creating and managing subagents and includes useful templates and workflows. However, it documents several high-risk features and defaults (implicit full tool inheritance, bypassPermissions/acceptEdits modes, encouragement of proactive/autonomous invocation, and broad use of Bash/network tools) that materially increase the chance of accidental or malicious abuse. There is no concrete evidence of embedded malware or hardcoded malicious endpoints in the provided text, but the platform design choices create clear avenues for privilege escalation, data exfiltration, and supply-chain compromise if operators do not enforce strict operational controls. Recommendation: treat agent files and Task invocations as high-sensitivity configuration. Enforce deny-by-default tooling, require explicit tool allow-lists, disallow bypassPermissions mode in shared environments, enforce network allow-lists, require skill provenance/signing, and log/alert on autonomous agent creation and high-risk actions.

Confidence: 98%

Audit Metadata

Analyzed At: Feb 27, 2026, 08:49 AM
Package URL: pkg:socket/skills-sh/Cygnusfear%2Fclaude-stuff%2Fcreate-subagent%2F@da303d289576ce0abb848a3b6a83ba51f9c8888e