subagent-driven
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill defines a process where external 'plan' data is ingested and interpolated into subagent prompts. While this is the primary purpose of the skill, it creates a surface for indirect prompt injection if the plan contains malicious instructions.
- Ingestion points: Plan text is extracted in Step 1 and interpolated in Steps 2a (Implementer), 2c (Spec Reviewer), and 3 (Final Reviewer).
- Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are included in the prompt templates.
- Capability inventory: The subagents described in the skill are expected to write code, modify files, and execute tests (TDD).
- Sanitization: The skill lacks explicit sanitization or validation logic for the plan text before it is passed to subagents.
Audit Metadata