subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes implementation plans (e.g., plan files mentioned in the workflow) to extract tasks for subagents. If the plan file originates from an untrusted source, it could contain instructions designed to influence subagent behavior.
- Ingestion points: Plan files such as
docs/plans/feature-plan.md(referenced in SKILL.md). - Boundary markers: Prompts use Markdown headers (e.g.,
## Task Description) to separate instructions from task data. - Capability inventory: Subagents have capabilities for file system modification, running tests (shell execution), and performing git commits (referenced in
implementer-prompt.md). - Sanitization: No explicit sanitization or filtering of task content is mentioned beyond the controller agent extracting the text.
- [COMMAND_EXECUTION]: The workflow involves subagents implementing code, writing tests, and verifying them. This naturally requires the execution of commands (e.g., compilers, test runners, git) on the local system. This is intended functionality for a development skill.
Audit Metadata