subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a workflow for executing tasks defined in external plan files, which is vulnerable to indirect prompt injection.
- Ingestion points: The agent is instructed to read tasks from a
[plan-file]which is an external data source entering the agent context. - Boundary markers: The provided prompt templates for subagents do not include delimiters or instructions to ignore embedded malicious instructions within the plan tasks.
- Capability inventory: The subagents are given broad capabilities including file implementation, test verification, and git operations (commit), allowing for significant environment modification.
- Sanitization: The skill lacks logic to validate or sanitize task content before it is passed to subagents for execution.
Audit Metadata