subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses an isolation model for sub-agents, ensuring they do not inherit the main session history or sensitive context, which minimizes the risk of data exposure.
- [COMMAND_EXECUTION]: The orchestration of git worktrees and test execution is tightly controlled within a development workflow and is necessary for the skill's primary function.
- [SAFE]: A mandatory two-stage review process (specification compliance and code quality) provides a robust defense against unintended behavior or malicious code being introduced during the implementation phase.
- [PROMPT_INJECTION]: The skill manages potential indirect prompt injection surfaces by providing sub-agents with specific, delimited task descriptions rather than direct file access, and includes a 'Spec Reviewer' role explicitly instructed to detect and flag extra or non-compliant functionality.
Audit Metadata