subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill carries a risk of indirect prompt injection due to its reliance on external data sources for agent instructions.
- Ingestion points: The skill ingests untrusted data from implementation plans, such as
docs/plans/feature-plan.md, to extract task details and context. - Boundary markers: The workflow lacks clear delimiters or explicit instructions to subagents to treat the ingested plan content as data rather than instructions.
- Capability inventory: The subagents dispatched by this skill have the authority to write code, execute shell commands for testing, and perform git commits.
- Sanitization: There are no documented steps for sanitizing, escaping, or validating the content of implementation plans before they are interpolated into subagent prompts.
Audit Metadata