subagent-driven-development
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs subagents to read and process untrusted data from the repository (e.g., README.md, AGENTS.md, and task descriptions) which is then interpolated into prompts without explicit sanitization or instructions to ignore embedded commands.
- Ingestion points: SKILL.md (Workflow steps 4, 8, 10), references/implementer-prompt.md (Context section).
- Boundary markers: Uses markdown headers (## Task, ## Context) to separate data, but lacks explicit 'ignore instructions' directives.
- Capability inventory: Subagents can perform file writes and execute verification commands in the workspace.
- Sanitization: No sanitization of ingested content is specified.
Audit Metadata