subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted input from external development plans and subagent reports, creating a surface for indirect prompt injection.\n
- Ingestion points: Task requirements and implementation reports are directly interpolated into subagent prompts in
implementer-prompt.mdandspec-reviewer-prompt.md.\n - Boundary markers: The templates lack explicit structural boundaries or 'ignore' instructions for the interpolated data, potentially allowing embedded malicious instructions to influence subagent behavior.\n
- Capability inventory: Implementation subagents have the authority to write code and execute tests, while the workflow concludes with a branch finalization tool.\n
- Sanitization: No sanitization or verification logic is present to ensure input plans do not contain malicious overrides.
Audit Metadata