subagent-driven-development

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of shell commands, such as pytest for testing and git for version control, through the use of a terminal toolset by both the main agent and delegated subagents.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it ingests task descriptions from implementation plan files and passes them into subagent contexts. If these files are manipulated to include malicious instructions, the subagents, which possess elevated tool access, may execute unauthorized actions.
      • Ingestion points: The skill reads implementation plans from the file system (e.g., docs/plans/feature-plan.md) to extract task content.
      • Boundary markers: No specific delimiters or safety instructions are used to prevent subagents from following commands embedded within the plan text.
      • Capability inventory: Subagents are granted the terminal and file toolsets, providing them with the ability to execute arbitrary shell commands and modify project files.
      • Sanitization: The skill does not perform any validation, escaping, or sanitization of the plan file content before it is interpolated into subagent prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 05:51 PM