user-stories-setup
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill provides a command to fetch content from 'https://fullstackrecipes.com/api/recipes/user-stories-setup'. This domain is not included in the list of trusted providers (like GitHub/Google), posing a risk of downloading unverified or malicious setup logic.
- INDIRECT_PROMPT_INJECTION (LOW): The skill's primary function involves agents processing external JSON-formatted user stories. This presents a surface for indirect prompt injection (Category 8) if the ingested data contains malicious instructions, although this is a property of the data ingestion design rather than an active exploit.
Audit Metadata