user-story
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- SAFE (SAFE): No malicious patterns or security vulnerabilities were detected across the skill files.
- The documentation consists of legitimate instructional content for product management tasks.
- The helper script
scripts/user-story-template.pyis a simple CLI utility that processes arguments into a string format; it has no network access, file writing capabilities, or dynamic execution patterns. - No hardcoded credentials, sensitive file paths, or obfuscation techniques were identified.
- Indirect Prompt Injection (INFO): The skill's purpose is to process user-provided context into formatted stories. While this creates an ingestion point for untrusted data, the skill lacks high-privilege capabilities (like network requests or file modifications) that would allow such an injection to be exploited.
- Ingestion points: User-provided inputs via CLI arguments to the template script.
- Boundary markers: None (script generates standard Markdown lists).
- Capability inventory: Local stdout printing only.
- Sanitization: Standard
argparsehandling; no explicit escaping of Markdown control characters.
Audit Metadata