subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a workflow definition using markdown and Mermaid diagrams; it does not contain code or access external URLs.
- [PROMPT_INJECTION]: Evaluation of indirect prompt injection surface: Ingestion points: Plan files (e.g., feature-plan.md). Boundary markers: Not defined in the prompt templates. Capability inventory: Subagents are tasked with file implementation, testing, and committing. Sanitization: Not explicitly handled by the controller skill. This is a common architectural pattern for development agents and presents no direct threat.
Audit Metadata