subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
- [NO_CODE]: The skill is composed exclusively of Markdown documentation and prompt templates, with no Python scripts, shell scripts, or executable binaries included.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by interpolating external plan data into subagent tasks.
  - Ingestion points: The workflow reads implementation tasks from external files (e.g., docs/plans/*.md).
  - Boundary markers: Templates use Markdown headers to organize sections but lack strict delimiters or explicit instructions for subagents to ignore potential instructions embedded within the task text.
  - Capability inventory: Subagents are authorized to modify source code, run tests, and perform commits using general-purpose tools.
  - Sanitization: There is no evidence of sanitization, escaping, or schema validation for the ingested plan data before it is passed to subagents.