subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection via the processing of external development plans.
- Ingestion points: The
implementer-prompt.mdandspec-reviewer-prompt.mdfiles directly interpolate the 'FULL TEXT' of tasks extracted from implementation plans into the subagent instructions. - Boundary markers: The templates do not employ delimiters or 'ignore embedded instructions' warnings to isolate the untrusted task content from the subagent's core logic.
- Capability inventory: Subagents dispatched with these templates have significant capabilities, including the ability to write files to the project directory, execute shell commands for testing, and commit changes to version control.
- Sanitization: There is no evidence of validation or sanitization applied to the plan text before it is passed into the subagent context.
Audit Metadata