user-story-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest untrusted external requirements to generate code and configurations while possessing high-privilege tool access.
  - Ingestion points: User instructions and project documentation via the 'Read' tool.
  - Boundary markers: Absent; no delimiters or instructions are provided to the agent to ignore embedded instructions in the source data.
  - Capability inventory: High-privilege access including 'Bash' (arbitrary command execution), 'Write', and 'Edit' (filesystem modification).
  - Sanitization: No evidence of sanitization or input validation for data used in code generation.
- Privilege Escalation (MEDIUM): The skill requests 'Bash' permissions, which grant excessive access to the underlying operating system for a task primarily focused on documentation and user story generation.
Recommendations
- AI detected serious security threats
Audit Metadata