Skills
skills/junhyunny/skills/write-story/Gen Agent Trust Hub

write-story

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows secure practices, such as requiring a project ID at initialization to prevent accidental registration to incorrect projects.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external story records in TrackerBoot to maintain consistency and context. While this creates a theoretical surface for indirect prompt injection if existing stories contain malicious instructions, the skill implements a mandatory human-in-the-loop approval step (Step 4-2) where users must review and confirm any suggested changes before the agent proceeds to registration.
  • Ingestion points: Data retrieved from tracker-boot-mcp-tb_search_stories in SKILL.md.
  • Boundary markers: None explicitly defined for the processing of retrieved story content.
  • Capability inventory: Registration of new stories via tracker-boot-mcp-tb_create_story in SKILL.md.
  • Sanitization: Human review and explicit confirmation ("ok") are required before any adjustments based on external data are applied.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 01:29 PM