user-story-splitting
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is potentially vulnerable to indirect prompt injection because it processes untrusted user stories without using security boundaries.\n
- Ingestion points: The skill ingests user-provided text via the 'Original Story' placeholder in
SKILL.mdandtemplate.md.\n - Boundary markers: The templates lack explicit delimiters (such as XML tags or triple quotes) or 'ignore' instructions to ensure the model does not follow commands embedded within the story text.\n
- Capability inventory: The skill contains no code or commands for network operations, file system access, or subprocess execution, which significantly limits the risk profile.\n
- Sanitization: There are no documented mechanisms for sanitizing or validating user input before it is processed by the agent.
Audit Metadata