using-user-stories
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Command Execution] (LOW): The skill documentation references the command
bun run user-stories:verifyfor validating user stories. This executes a local script defined in the project's environment runtime.\n- [Indirect Prompt Injection] (LOW): The skill instructions involve the agent reading and following implementation 'steps' from JSON files. This creates a surface where untrusted data could influence agent behavior or execute unintended tasks.\n - Ingestion points: User story JSON files (e.g., in SKILL.md examples).\n
- Boundary markers: Absent; no instructions are provided to the agent to treat story content as untrusted or to ignore embedded directives.\n
- Capability inventory: Performing file system modifications (code implementation) and executing verification scripts via the bun runtime.\n
- Sanitization: Absent; the skill does not suggest any validation or escaping of the story content before processing.
Audit Metadata