This skill allows subagents to
Claims to do
Subagent-Driven Development: Execute plan by dispatching fresh subagent per task, with two-stage review after each: spec compliance review first, then code quality review.
Actually does
This skill orchestrates a development workflow by dispatching specialized subagents for each task within an implementation plan. It reads a plan file, extracts tasks, and then iteratively dispatches an implementer subagent, followed by a spec compliance reviewer subagent (using `./reference/implementer-prompt.md` and `./reference/spec-reviewer-prompt.md`), and then a code quality reviewer subagent (using `./code-quality-reviewer-prompt.md`). It manages task status with `TodoWrite` and concludes with a final code review and the `superpowers:finishing-a-development-branch` skill.
/plugin marketplace add Fleron/Claude-plugins
/plugin install subagent-driven-development@Fleron/Claude-plugins
npx skills add https://github.com/Fleron/Claude-plugins --skill subagent-driven-development
The skill orchestrates subagents to perform development tasks including implementing, testing, and committing code, which inherently involves executing arbitrary commands (e.g., build tools, test runners, git commands). This capability, if exploited, allows for arbitrary code execution on the host system.
Implementer subagent implements, tests, commits, self-reviews; Implemented install-hook command
The skill loads subagent prompts from local markdown files. If these files are compromised or tampered with, subagents could be spawned with malicious instructions, leading to arbitrary actions.
Prompt Templates: ./reference/implementer-prompt.md; ./reference/spec-reviewer-prompt.md; ./code-quality-reviewer-prompt.md
Given the subagents' ability to execute commands and interact with the file system (e.g., reading plan files, committing code), there's a risk of data exfiltration or credential theft if a subagent is instructed to read sensitive files or environment variables and transmit them.
Implementer subagent implements, tests, commits, self-reviews; Get git SHAs, dispatch code quality reviewer
The skill's documentation explicitly shows a subagent reporting that it 'Implemented install-hook command'. This capability could be abused to install malicious git hooks or other system-level persistence mechanisms.
Implementer: - Implemented install-hook command
The controller provides 'full task text + context' to subagents and can 'Provide the missing context and re-dispatch'. If the source of this context (e.g., the plan file) is compromised, or if the controller itself is manipulated, malicious context could be injected to influence subagent behavior.
Read plan file once: docs/superpowers/plans/feature-plan.md; Dispatch implementation subagent with full task text + context; Provide the missing context and re-dispatch
The process describes 're-review' loops where implementer subagents fix issues and reviewers re-review until approved. While intended for quality, an attacker could potentially craft tasks that lead to unbounded retries or resource consumption if subagents are stuck in a loop.
Implementer subagent fixes spec gaps -> Dispatch spec reviewer subagent [...] [label="re-review"]; Implementer subagent fixes quality issues -> Dispatch code quality reviewer subagent [...] [label="re-review"];
The multi-stage review process, while a security control, involves repeated interactions and approvals. This could lead to human overseer fatigue, potentially causing them to overlook subtle malicious changes or vulnerabilities introduced by subagents.
Two-stage review after each: spec compliance review first, then code quality review.; Review loops ensure fixes actually work; Red Flags: Never: Skip reviews
Source: https://mondoo.com/ai-agent-security/skills/github/Fleron/Claude-plugins/subagent-driven-development