Skills
skills/levnikolaevich/claude-code-skills/ln-310-story-validator/Gen Agent Trust Hub

ln-310-story-validator

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill was analyzed for instructions attempting to bypass safety filters or override core agent behavior. All identified instructions (e.g., 'MANDATORY READ', 'CRITICAL RULES') are strictly related to the functional process of story validation and do not constitute malicious injection.
  • [DATA_EXFILTRATION]: No patterns of data exfiltration were detected. The skill specifically includes a security-positive feature (Criterion #15) that scans for hardcoded credentials, API keys, and database URLs in stories to replace them with secure environment variable placeholders.
  • [EXTERNAL_DOWNLOADS]: The skill references a well-known CDN (jsdelivr.net) in diagram.html to load the Mermaid.js library for visualization. All other external interactions are through trusted MCP servers (linear-server, context7, ref-server) or sibling skills from the same author.
  • [REMOTE_CODE_EXECUTION]: No remote code execution patterns were found. The skill does not use dangerous functions like eval() or exec() on untrusted input, nor does it perform arbitrary downloads for execution.
  • [COMMAND_EXECUTION]: The skill uses standard file and task management operations (Read, Write, Edit, Glob, Linear API calls). These operations are consistent with the skill's purpose of managing project documentation and ticket metadata.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data in the form of stories and tasks from Linear or local files.
  • Ingestion points: Story content loaded via get_issue or local file reads (Read story.md).
  • Boundary markers: The process flow describes prompt construction for sibling reviews but does not explicitly show XML-style delimiters, although the structured 'Penalty Points' system acts as a logical filter.
  • Capability inventory: File system access, Linear ticket updates, and delegation to other AI skills.
  • Sanitization: The skill's primary purpose is to sanitize and standardize inputs by enforcing templates, RFC compliance, and removing sensitive hardcoded values, which significantly reduces the risk of malicious payload execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 09:25 PM