subagent-driven-development

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection surface. The skill orchestrates subagents based on an external plan file, which can contain malicious instructions. Evidence:
      1. Ingestion points: The skill reads from a plan-file in Step 1.
      2. Boundary markers: Delimiters and 'ignore instructions' warnings are absent in the subagent prompt templates.
      3. Capability inventory: Subagents have the ability to write code, execute tests (arbitrary code execution), and commit to git.
      4. Sanitization: No sanitization or validation of the plan content is performed.
  • COMMAND_EXECUTION (SAFE): The skill directs subagents to run tests and verify implementations. While these are high-capability actions involving arbitrary code execution, they are the primary intended purpose of the development orchestration skill.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:43 PM