subagent-driven-development

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill coordinates subagents that are instructed to implement code, run tests, and perform git operations. This is standard behavior for development-oriented agents.
  • [INDIRECT_PROMPT_INJECTION]: The skill extracts task descriptions from external plan files and injects them into subagent prompts. This architectural pattern represents a surface for indirect prompt injection if the source plans contain malicious instructions.
    • Ingestion points: Plan files (e.g., docs/react-native-hifi/plans/feature-plan.md) read during the execution process.
    • Boundary markers: Absent; task text is directly interpolated into subagent prompts.
    • Capability inventory: Subagents possess capabilities to modify the file system, execute tests, and make git commits.
    • Sanitization: No sanitization or validation of the input plan content is implemented.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 09:39 PM