validate-story
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted markdown content from user-provided story files without adequate safeguards.
  - Ingestion points: The story_file input parameter is used to read content from the local filesystem that is then parsed and analyzed as part of the validation logic.
  - Boundary markers: The instructions lack specific delimiters or "ignore embedded instructions" warnings, meaning the agent may follow instructions found within the story files instead of just analyzing them.
  - Capability inventory: The skill utilizes the Read tool to access various project files, including architecture documentation, epic files, and project structure configurations.
  - Sanitization: There is no evidence of content filtering, escaping, or validation performed on the story file content before it is used to influence the validation workflow and report generation.
Audit Metadata