subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes implementation plans, creating a potential surface for indirect prompt injection.
  - Ingestion points: Plan files are read and task descriptions are passed to subagents in `SKILL.md`, `implementer-prompt.md`, and `spec-reviewer-prompt.md`.
  - Boundary markers: Task data is delimited by markdown headers like `## Task Description`, but the skill does not use explicit escape delimiters or 'ignore instructions' warnings for the task content.
  - Capability inventory: Subagents are directed to write files and execute tests as part of the development lifecycle in `implementer-prompt.md`.
  - Sanitization: The skill relies on the structured workflow and multi-stage review process rather than automated text sanitization.
- [COMMAND_EXECUTION]: Subagents are tasked with executing tests and git operations.
  - Evidence: `implementer-prompt.md` includes instructions for subagents to 'Write tests', 'Verify implementation works', and 'Commit your work'. These actions are essential to the primary purpose of the skill and are performed within the context of the development task.
Audit Metadata