story-readiness
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed as a read-only validator for story files. It lacks tools for writing to the file system or executing arbitrary shell commands, which significantly limits its security impact.
- [SAFE]: Data access is restricted to local project directories such as
production/,design/, anddocs/. There are no network-capable tools included in the skill's configuration, preventing data exfiltration. - [SAFE]: No obfuscation, remote code execution patterns, or persistence mechanisms were found in the instructions or logic.
- [SAFE]: While the skill ingests content from project files (stories, ADRs, GDDs), the lack of high-risk capabilities like writing to files or executing code mitigates the risk of indirect prompt injection.
Audit Metadata