agile-product-owner
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- [METADATA_POISONING] (MEDIUM): The skill metadata contains deceptive and unverifiable claims including `verified: true` and `author: Claude Skills Team`. These fields are likely intended to project a false sense of authority and safety to the agent or user, which is a key deception pattern.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes user-controlled data via `epic.json`, creating an attack surface for indirect prompt injection.
  - Ingestion points: `epic.json` (read as input for the story generator script).
  - Boundary markers: Absent; there are no instructions or delimiters in the documentation to prevent the AI from following instructions embedded within the epic file.
  - Capability inventory: Local script execution (`user_story_generator.py`) and local file creation (JSON/CSV exports).
  - Sanitization: Absent; the documentation does not describe any validation or cleaning steps for external input data.
- [COMMAND_EXECUTION] (SAFE): The skill references the execution of a local script `python scripts/user_story_generator.py`. This is consistent with the primary purpose of the skill and is triggered by the user via CLI, posing no hidden or arbitrary command execution risk based on the documentation provided.
Audit Metadata