breakdown-epic
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or safety bypass instructions were found in the skill logic.
- [PROMPT_INJECTION]: The skill processes user-provided epic descriptions, which constitutes an attack surface for indirect prompt injection.
  - Ingestion points: epic_description input field in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the workflow.
  - Capability inventory: The skill uses write_file to create markdown stories and read_file to access local configuration settings.
  - Sanitization: No validation or sanitization of the input text is performed before processing.
- [COMMAND_EXECUTION]: The skill invokes local utility scripts and file management commands to generate and organize project documentation. These actions are limited to the local environment and are consistent with the skill's stated purpose.