implement-plan-with-subagents
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands for repository management and quality assurance. Specifically, it uses Git commands (status, diff, commit) and invokes project-defined 'standing gates' such as linting, formatting, and testing scripts.- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its core orchestration logic.
- Ingestion points: The skill ingests untrusted data from external plan artifacts (plan.md) and intermediate subagent files (outcome and review files).
- Boundary markers: While the skill uses 'self-contained briefs' for subagents, it lacks explicit descriptions of sanitization or escaping techniques for data interpolated from the plan artifact.
- Capability inventory: The orchestrator can write files to the implementation directory, execute Git commands, and run arbitrary project-defined scripts via the baseline gate mechanism.
- Sanitization: No explicit sanitization or validation of the plan artifact's natural language content is performed before processing.
Audit Metadata