subagent-driven-development

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) through its task extraction and dispatch mechanism.
    • Ingestion points: The skill reads an implementation plan file in 'Phase 1: SETUP' of SKILL.md to extract task descriptions.
    • Boundary markers: Absent. The task text is interpolated into the {FULL_TASK_TEXT} placeholder in implementer-prompt.md and adr-reviewer-prompt.md without delimiters or instructions for the agent to ignore potentially malicious embedded content.
    • Capability inventory: The skill and its subagents have access to the Bash, Write, Edit, and Task tools, allowing significant file system and shell operations.
    • Sanitization: Absent. Content from the plan file is not escaped or validated before being included in the subagent's prompt.
  • [COMMAND_EXECUTION]: The skill directs the execution of shell commands via the Bash tool for git operations and testing (e.g., {TEST_COMMAND} and {VERIFICATION_STEPS} in implementer-prompt.md). This capability can be exploited if the plan file contains malicious instructions that manipulate these variables to execute unintended shell commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 05:55 AM
Security Audit — agent-trust-hub — subagent-driven-development