subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the processing of untrusted implementation plans.
- Ingestion points: External implementation plan files (e.g., docs/plans/feature-plan.md) are read and extracted into task descriptions.
- Boundary markers: Absent; the workflow does not include instructions to wrap external content in delimiters or add protective instructions when passing data to subagents.
- Capability inventory: Dispatched subagents have high-privilege capabilities, including the ability to implement code, run tests, and perform git commits.
- Sanitization: Absent; no validation or sanitization of the implementation plan content is performed before task extraction and subagent dispatch.
- [NO_CODE]: The SKILL.md file contains only instructional text, process diagrams, and workflow descriptions. It does not include any executable scripts, binaries, or direct command-line instructions.
Audit Metadata