ln-400-story-executor
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is configured to download project files and scripts from the author's repository (levnikolaevich/claude-code-skills) via WebFetch if local files are missing. This is a standard vendor update mechanism.
- [COMMAND_EXECUTION]: Executes numerous shell commands using Node.js and Git to manage worktrees, track state, and run worker scripts.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection because it ingests Acceptance Criteria and task metadata from external sources (such as Linear issues or local files) and uses them to construct prompts for validation agents.
  - Ingestion points: Phase 1 (Discovery) reads task metadata; Phase 6B (Scenario Validation) reads Story ACs.
  - Boundary markers: None detected; the skill does not use specific delimiters to isolate external content from internal instructions.
  - Capability inventory: Includes file system write access, execution of local scripts, Git command execution, and invocation of other agents/skills.
  - Sanitization: No evidence of sanitization or escaping of the external task content before it is processed by the AI.
Audit Metadata