skills/sebas-aikon-intelligence/antigravity-awesome-skills/subagent-driven-development/Gen Agent Trust Hub
subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill constructs prompts for subagents by directly interpolating external content (task plans and implementer reports) into its core templates. This creates a surface where malicious instructions embedded within a project plan could be executed by the subagents.
  - Ingestion points: implementer-prompt.md (task text) and spec-reviewer-prompt.md (task requirements and report text) ingest untrusted data into subagent contexts.
  - Boundary markers: Absent. The templates use bracketed placeholders for content injection without using XML tags, triple quotes, or specific delimiters to isolate the untrusted data from the system instructions.
  - Capability inventory: The subagents described in the process have significant capabilities, including file modification, command execution for running tests, and version control (git) operations.
  - Sanitization: None detected. The process relies on the controller agent to insert the 'full text' of external plans directly into the subagent prompts.