subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external implementation plans which presents an indirect prompt injection surface.
- Ingestion points: Full text of tasks and plans are ingested in
SKILL.mdand passed to subagents inimplementer-prompt.mdandspec-reviewer-prompt.md. - Boundary markers: Markdown headers such as
## Task Descriptionare used to structure the subagent prompts, but the system lacks explicit delimiters or instructions to ignore or sanitize instructions embedded within the untrusted plan content. - Capability inventory: The subagents are granted capabilities to modify the codebase, commit changes, and execute tests via the provided toolset.
- Sanitization: No evidence of input validation, filtering, or sanitization of the implementation plan content was found.
Audit Metadata