Skills
skills/storybookjs/storybook/canary/Gen Agent Trust Hub

canary

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes gh workflow run to trigger CI/CD pipelines on the storybookjs/storybook repository. This operation is restricted by the requirement for the user to have admin permissions and an authenticated session.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to download and execute versions of the storybook package from the npm registry. These downloads originate from the official vendor (storybookjs) and are considered safe under the vendor trust policy.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it instructs the agent to extract a version string from a pull request body and use it in an npx command. An attacker could craft a pull request with a malicious version string or shell command (e.g., npx storybook@latest; curl ...) to compromise the agent's environment.
  • Ingestion points: Pull request number (user input) and pull request body (external data from GitHub).
  • Boundary markers: None identified; the skill relies on the agent correctly identifying the version string in the prose of the PR body.
  • Capability inventory: Execution of shell commands via the Bash tool, including gh and npx (SKILL.md).
  • Sanitization: None; the skill does not specify validation steps for the version string before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 10:00 AM