subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its handling of untrusted implementation plans.
- Ingestion points: Implementation plans such as docs/plans/feature-plan.md are ingested, and task text is extracted for subagent prompts in implementer-prompt.md and spec-reviewer-prompt.md.
- Boundary markers: The skill uses Markdown headers to separate task text but lacks strong delimiters or instructions for subagents to ignore embedded commands within the untrusted content.
- Capability inventory: Subagents have the ability to implement code, run tests via general-purpose tools, and perform git commits.
- Sanitization: No sanitization or validation is performed on the plan text before it is interpolated into the prompts.
Audit Metadata