subagent-driven-development

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface across multiple subagent templates.
      • Ingestion points: Task descriptions and implementer reports are interpolated into implementer-prompt.md, spec-reviewer-prompt.md, and code-quality-reviewer-prompt.md.
      • Boundary markers: The templates use Markdown headers (e.g., ## Task Description) but lack explicit delimiters (like XML tags or specific 'END_OF_TEXT' markers) or instructions to ignore instructions embedded within the interpolated data.
      • Capability inventory: The subagents are granted capabilities to modify the local filesystem, commit code, and execute tests, which could be leveraged if an implementation plan contains malicious instructions.
      • Sanitization: No input sanitization or validation of the task text or reports is performed before interpolation.
  • [SAFE]: No hardcoded credentials, sensitive file access, or unauthorized network operations were detected. The use of multiple review stages acts as a manual and automated safety checkpoint.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 06:52 PM