agile-story

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data from the repository and user arguments into its planning process.
    • Ingestion points: The skill processes user-supplied $ARGUMENTS and reads content from arbitrary files in the repository to understand context and map changes.
    • Boundary markers: The instructions lack explicit boundary markers or directions for the model to ignore potential instructions embedded within the data it reads.
    • Capability inventory: The skill has the ability to read and write files (creating plans in .agents/plans/ or existing story files) and suggests running terminal commands for verification (lint, typecheck, tests).
    • Sanitization: There is no evidence of input validation or sanitization of the content retrieved from repository files or user input before it is used to generate the execution plan.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 07:54 PM