subagent-driven
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to orchestrate automated development tasks. Subagents are explicitly directed to implement code, execute tests, and perform git operations. The implementer-prompt.md template instructs subagents to 'Implement exactly what the task specifies', 'Write tests', 'Verify implementation works', and 'Commit your work'.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external implementation plans and task descriptions to drive subagent behavior.
- Ingestion points: Task requirements from implementation plans are interpolated directly into the implementer-prompt.md and spec-reviewer-prompt.md templates.
- Boundary markers: The templates lack explicit delimiters or XML tagging to isolate the untrusted task text from the subagent's system instructions.
- Capability inventory: Subagents have the ability to write to the filesystem, execute shell commands (for testing), and commit to the repository.
- Sanitization: The skill does not perform sanitization or validation of the plan text before passing it to subagents.
Audit Metadata