create-user-story

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill employs gh (GitHub CLI) and jira CLI tools for issue searching and creation.
  • [EXTERNAL_DOWNLOADS]: Data is retrieved from well-known services including GitHub, Linear, and Jira to perform duplicate checks.
  • [DATA_EXFILTRATION]: Accesses local configuration files in the 00-inbox/ directory, such as MY-PROFILE.md and MY-INTEGRATIONS.md, to retrieve user and project context.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present as the skill ingests issue titles and descriptions from external project trackers.
      • Ingestion points: Issue data from GitHub, Linear, and Jira APIs.
      • Boundary markers: Absent; external content is presented to the user without specific isolation or instructions to ignore embedded commands.
      • Capability inventory: Local file writing to the project vault and remote issue creation.
      • Sanitization: No explicit sanitization or filtering is applied to the content retrieved from external trackers before it enters the agent context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 11:30 AM