ln-220-story-coordinator
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from untrusted local project files to drive the story planning process in Phase 1. This data is used to answer planning questions which guide the generation of user stories.
- Ingestion points: SKILL.md Phase 1 Step 4 (Glob scans for HTML files) and Step 5 (search in requirements.md and tech_stack.md).
- Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands within the ingested files.
- Capability inventory: The skill possesses the capability to write to the file system (mkdir, Write), execute git commands (add, commit), and trigger worker skills that perform Linear API writes.
- Sanitization: There is no evidence of content sanitization or validation for the extracted strings before they are used in the prompt context.
- [COMMAND_EXECUTION]: The skill workflow includes explicit file system and version control operations.
- Evidence: SKILL.md Phase 3 Step 7 uses 'mkdir' and 'Write' for file creation. Phase 6 performs 'git add' and 'git commit' to update project documentation.
Audit Metadata