subagent-driven-development

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs sub-agents to execute validation commands provided within implementation plan files. While essential for development automation, this behavior implicitly trusts the safety of the commands defined in the external plan.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection as it processes external data to guide agent actions.
      1. Ingestion points: The skill ingests task descriptions and commands from external implementation plan files (e.g., Markdown files in docs/specs/plans/).
      2. Boundary markers: The instructions advise the primary agent to manually extract task text rather than letting sub-agents read files directly, but no technical delimiters or sanitization are enforced to prevent instruction leakage.
      3. Capability inventory: The sub-agents have the ability to modify the local filesystem, perform git operations, and execute arbitrary shell commands.
      4. Sanitization: No explicit validation, escaping, or sanitization of the plan content is performed before it is passed to the sub-agents for execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 03:41 AM