user-story-mapping
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: No security issues were detected. The skill consists entirely of markdown documentation, templates, and samples for organizational and planning purposes.
- [NO_CODE]: The skill does not include any executable scripts, binaries, or code files, which eliminates risks related to runtime execution, privilege escalation, or persistence.
- [PROMPT_INJECTION]: The skill defines an attack surface for indirect prompt injection via the processing of user-provided narrative data into a story map. Ingestion points: User-provided segment, persona, and narrative fields in template.md. Boundary markers: Absent. Capability inventory: None. Sanitization: Absent. The lack of any tool or execution capabilities makes this surface non-exploitable.
- [EXTERNAL_DOWNLOADS]: The skill includes a plain-text reference to the author's GitHub repository (github.com/deanpeters/product-manager-prompts) for provenance. This is documented as a neutral reference to a vendor resource and does not involve automated downloads or remote code execution.
Audit Metadata