subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating external task descriptions and requirements into subagent prompts.
- Ingestion points: The implementer-prompt.md, spec-reviewer-prompt.md, and code-quality-reviewer-prompt.md files ingest full task text and requirements from external plans.
- Boundary markers: The prompts use markdown headers for structure but lack explicit guardrails or 'ignore embedded instructions' warnings for the interpolated content.
- Capability inventory: Subagents are granted capabilities to modify files, execute tests, and commit code, which could be abused if malicious instructions are injected.
- Sanitization: No sanitization or filtering of the input task text is performed before interpolation.
Audit Metadata