tech-storyteller
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill is vulnerable to Indirect Prompt Injection. It is designed to ingest and process untrusted external content such as Git commit logs and PR descriptions. An attacker could embed malicious instructions in these fields to manipulate the agent's narrative or output.
  * Ingestion points: `git log` and PR descriptions (referenced in SKILL.md).
  * Boundary markers: No delimiters or 'ignore' instructions are provided to separate untrusted data.
  * Capability inventory: The agent is instructed to perform command execution (`git log`) and read various local documentation files.
  * Sanitization: No sanitization or filtering of external input is specified.
- COMMAND_EXECUTION (LOW): The workflow requires the agent to execute shell commands, specifically `git log`, to traverse the repository history. While standard for this use case, command execution represents a capability that could be exploited if combined with a successful prompt injection.
- NO_CODE (LOW): The skill contains only Markdown instructions and no executable scripts or external packages, which limits the risk of direct remote code execution or exfiltration through the skill's own logic.
Audit Metadata