subagent-driven
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it ingests untrusted data from implementation plans and interpolates it into subagent prompts. • Ingestion points: Implementation plan text extracted in 'Step 1: Plan Preparation' and 'Step 2: Per-Task Execution'. • Boundary markers: None. The prompts use markdown headers but lack specific delimiters or instructions to ignore embedded commands. • Capability inventory: No internal scripts are present; the skill relies on the host agent's ability to spawn subagents and potentially execute code. • Sanitization: None. Extracted text is passed directly to the implementer and reviewer subagents.
- [NO_CODE] (SAFE): The skill consists entirely of markdown instructions and does not include any Python, Node.js, or shell scripts, eliminating risks associated with direct code execution.
Audit Metadata