subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes task descriptions from untrusted plan files and interpolates them into subagent prompts, which could be exploited to manipulate agent behavior.\n
- Ingestion points: Task instructions are read from a plan-file in Step 1 and Step 2.\n
- Boundary markers: The prompt templates for subagents do not use delimiters or include instructions to ignore embedded commands within the task content.\n
- Capability inventory: Subagents are granted powerful tools for filesystem modification, test execution, and repository management (commits).\n
- Sanitization: There is no mechanism described for sanitizing or validating the contents of the plan file before it enters the subagent context.
Audit Metadata