subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
NO_CODE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for Indirect Prompt Injection (Category 8).
  - Ingestion points: Plan files (referenced in `SKILL.md`) and specific task descriptions are passed to subagents in `implementer-prompt.md` and `spec-reviewer-prompt.md`.
  - Boundary markers: The templates use Markdown headers (e.g., `## Task Description`) but do not include explicit instructions for the subagents to ignore or sanitize embedded instructions within those inputs.
  - Capability inventory: The subagents are tasked with code implementation, testing, and version control operations.
  - Sanitization: No input filtering or sanitization is performed on the plan data before processing.
- [NO_CODE]: The skill contains only Markdown documentation and prompt templates. No executable code is distributed with this skill.
Audit Metadata