subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection via untrusted implementation plans.
- Ingestion points: Plan files like
docs/plans/feature-plan.mdand extracted task descriptions. - Boundary markers: Markdown headers are used in
implementer-prompt.mdandspec-reviewer-prompt.mdto frame external data. - Capability inventory: Subagents have the ability to write files, run tests, and commit to git.
- Sanitization: No sanitization or 'ignore embedded instructions' warnings are provided.
Audit Metadata