agile-product-owner
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWSAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data (epics) to generate user stories and priorities. While this is the intended functionality, it creates a surface where malicious instructions embedded in an epic could attempt to influence the agent's story generation or sprint planning logic.\n
- Ingestion points: External epics or backlog items processed by
user_story_generator.py.\n - Boundary markers: None identified in the documentation.\n
- Capability inventory: Local script execution (
python3).\n - Sanitization: None specified for input epics.\n- [Command Execution] (INFO): The documentation references the execution of a local Python script (
user_story_generator.py) for core functionality. This is a standard implementation pattern for agent skills and does not appear to involve arbitrary command injection based on the usage examples provided.
Audit Metadata