domain-storytelling

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through user-controlled YAML files stored in the 'domain-stories/' directory. Malicious text embedded within fields such as 'description' or 'note' could be interpreted by the agent as instructions during the code generation phase, potentially leading to the creation of unauthorized or malicious code structures.
    • Ingestion points: All YAML files located within the 'domain-stories/' directory at the project root.
    • Boundary markers: The instructions do not specify any delimiters or safety prompts to ignore embedded instructions when reading story files.
    • Capability inventory: The agent has permission to explore the codebase and write new files or modify existing ones to place the synthesized domain layer.
    • Sanitization: No logic is provided to sanitize or validate the natural language content of the stories against instruction injection patterns.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 26, 2026, 01:17 AM