subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's documented workflow processes untrusted plan files, creating a vulnerability surface.
- Ingestion points: Processes plan files (e.g., from .claude/context/plans/) as specified in the workflow documentation.
- Boundary markers: There are no defined boundary markers or instructions to isolate the plan data from the agent commands.
- Capability inventory: The skill configuration grants tools with high impact, including Bash, Write, and Edit.
- Sanitization: No input validation or sanitization of the plan text is performed before being passed to subagents.
- [SAFE]: The provided Node.js scripts and execution hooks are benign scaffolds that do not perform network requests or command execution. Metadata claims regarding verification and a future date (2026-02-22) are noted as non-authoritative.
Audit Metadata