Subagent-Driven Development

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill orchestrates a multi-step process where data from implementation plans and subagent outputs are interpolated into subsequent agent prompts.
      • Ingestion points: Data is ingested from external plan files in implementer-prompt.md and from implementer reports in spec-reviewer-prompt.md.
      • Boundary markers: The prompts use Markdown headers to delineate sections but lack explicit instruction wrappers (e.g., XML tags or 'ignore embedded commands' directives) to prevent the agent from executing instructions hidden in the data.
      • Capability inventory: The subagents use a 'general-purpose' task tool that likely includes file system access and command execution capabilities, which could be abused if an injection is successful.
      • Sanitization: There is no mechanism described for sanitizing or escaping the text before it is inserted into the prompt templates.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 08:57 AM