subagent-driven-development

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill ingests external plan files which are interpolated into subagent prompts, creating a surface where a malicious plan could influence subagent behavior.
      * Ingestion points: Plan files are read in Step 1 and used to populate prompts in Step 2.
      * Boundary markers: The prompt templates lack explicit delimiters to isolate untrusted plan content.
      * Capability inventory: Subagents are expected to write code, execute tests (command execution), and commit work to git.
      * Sanitization: There is no evidence of sanitization or validation of the plan content before interpolation.
      * Mitigation: The workflow requires independent code reviews after each task (Step 3) and a final review (Step 6), which act as automated quality and security gates.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:09 PM