subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill identifies an indirect prompt injection surface (Category 8) by ingesting untrusted data from external plan files and subagent outputs to construct prompts for future subagent tasks.
- Ingestion points: The workflow specifically reads a
plan-fileand asubagent's reportto populate tool prompts. - Boundary markers: No explicit delimiters, boundary markers, or 'ignore embedded instructions' warnings are defined for the interpolated content.
- Capability inventory: The system dispatches subagents with general-purpose tools capable of file system modification, test execution, and git operations.
- Sanitization: No sanitization or validation logic is mentioned for the plan content or reports before they are interpolated into the subagent dispatch prompt.
Audit Metadata