aile-subagent-dev
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill dispatches an implementer sub-agent instructed to write and execute tests (using TDD principles) to verify code functionality. This involves the execution of generated code within the agent's environment.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by consuming task requirements from external markdown files (docs/plans/*.md). Malicious content within these plans could attempt to influence the sub-agent's behavior during code generation or command execution.
  - Ingestion points: Files located at docs/plans/{Story-Key}/analysis.md and plan.md are used as the primary source of task definitions.
  - Boundary markers: The prompts do not specify the use of delimiters or specific instructions to ignore embedded commands within the task text when passing it to the implementer sub-agent.
  - Capability inventory: The workflow includes filesystem write access, Git operations, Jira issue retrieval (jira_get_issue), and the ability to execute shell commands for testing purposes.
  - Sanitization: The skill mitigates risks through a structured 'Spec Reviewer' and 'Code Quality Reviewer' loop, where separate sub-agents verify the implementation against the original requirements and check for quality/security issues before completion.
- [DATA_EXPOSURE]: The skill uses the jira_get_issue tool to interact with external Jira instances to fetch issue details and handle task blockers.
Audit Metadata