user-story-delivery
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill functions as a legitimate orchestration layer for software development tasks, using standard GitHub CLI tools and subagent delegation. No evidence of obfuscation, exfiltration, or unauthorized command execution was found.
- [PROMPT_INJECTION]: The skill handles untrusted external data from GitHub, which presents a surface for indirect prompt injection attacks.
- Ingestion points: Story IDs, selection rules, and PR feedback are ingested from the environment and external GitHub issues in Steps 1 and 5 of SKILL.md.
- Boundary markers: The skill defines explicit handoff sections (e.g., '## Implementation Handoff' and '## Review Handoff') to structure communication between subagents.
- Capability inventory: The orchestrated subagents possess the ability to write code, commit changes, and merge PRs via referenced specialist skills.
- Sanitization: No explicit content sanitization or instruction-ignoring delimiters are defined for data ingested from GitHub issues or comments.
Audit Metadata