subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes external project plans (e.g., docs/plans/feature-plan.md) to extract tasks and context for subagents. This creates an indirect prompt injection surface where a malicious plan could attempt to influence or override the instructions of the dispatched subagents.
- Ingestion points: SKILL.md describes reading plan files and extracting full task text to be passed to subagents.
- Boundary markers: No explicit delimiters or "ignore embedded instructions" markers are defined for the plan content in the workflow description.
- Capability inventory: The workflow involves subagents that can implement code, run tests, and commit to git, providing a significant impact area if the instructions are subverted.
- Sanitization: No sanitization or validation of the plan content is mentioned before it is interpolated into subagent prompts.
- [NO_CODE]: The provided skill file consists entirely of Markdown instructions, logic diagrams, and workflow descriptions. It does not include any executable scripts (Python, Node.js) or direct shell command executions.
Audit Metadata