subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted external data (implementation plans) and perform sensitive actions (writing code, executing tests, and committing to git) based on that data.
- Ingestion points: The workflow reads plan files (e.g., `docs/plans/feature-plan.md`) and interpolates their content into subagent prompts.
- Boundary markers: Prompt templates use Markdown headers (e.g., `## Task Description`) to delimit external content, which provides some structural separation but not total isolation.
- Capability inventory: The system allows subagents to write to the filesystem, execute shell commands for testing, and perform git operations.
- Sanitization: The skill mitigates risks through a multi-stage review process (Spec Compliance and Code Quality reviews) that requires independent verification of code, though it lacks explicit input sanitization or filtering logic.
Audit Metadata