subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes a system where an orchestrator processes untrusted external data (task specifications and codebase files) and translates them into subagent instructions. This architecture creates a vulnerability surface for indirect prompt injection.
- Ingestion points: The orchestrator reads and analyzes user-provided task descriptions and referenced project files (SKILL.md).
- Boundary markers: The skill advocates for clean context windows and 'spec-only' context for subagents to limit cross-contamination (SKILL.md).
- Capability inventory: The workflow includes spawning subagents, running tests/linters, and merging code changes via git (SKILL.md).
- Sanitization: A two-stage review process (spec compliance and code quality) is defined to validate subagent outputs before merging (SKILL.md).
Audit Metadata