subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection because it processes and interpolates raw data from external implementation plans into subagent instructions.
- Ingestion points: External plan files are read and their task descriptions are pasted directly into the `implementer-prompt.md` and `spec-reviewer-prompt.md` templates.
- Boundary markers: While the templates use markdown headers to organize sections, they lack explicit 'ignore embedded instructions' delimiters or safety warnings to protect against adversarial instructions within the plan text.
- Capability inventory: The subagents are granted access to `general-purpose` and `code-reviewer` tools, allowing for file system modifications, code execution for testing, and git operations.
- Sanitization: The skill does not perform any sanitization or validation of the plan content before interpolating it into prompts.
Audit Metadata