subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads task specifications and technical debt entries from project files and interpolates them directly into prompts for implementer and reviewer subagents.
  - Ingestion points: Reads from task.md, spec/atdd.md, and spec/tech-debt.md.
  - Boundary markers: The skill uses markdown headers to separate task data in prompts but lacks explicit 'ignore instructions' warnings for the subagents.
  - Capability inventory: The skill can perform file writes, manage tasks via platform tools, and execute git operations. Subagents can modify the codebase and run tests.
  - Sanitization: No explicit sanitization or validation of the ingested text content is performed before interpolation.
- [COMMAND_EXECUTION]: The skill executes git merge and other shell-based operations to manage worktrees and integrate subagent contributions. These operations are essential to the primary function of parallelizing development tasks.
- [SAFE]: The skill adheres to several security best practices, including the use of isolated worktrees for subagent execution to prevent global state corruption and the enforcement of mandatory multi-stage reviews (specification compliance followed by code quality) before merging changes.
Audit Metadata