create-story-ticket
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted user-provided requirements to generate its output.
  - Ingestion points: Processes raw feature descriptions or requirements provided by the user via natural language input.
  - Boundary markers: Absent; the instructions do not define specific delimiters (like XML tags) to isolate user-provided data, nor do they instruct the model to ignore embedded instructions within the input.
  - Capability inventory: The skill can interact with external issue-tracker MCPs to directly create tickets, which gives it write capability in an external system.
  - Sanitization: No explicit sanitization or validation logic is defined to check the user-supplied text for malicious content or instructions.
  - Mitigation: The skill includes a 'human-in-the-loop' safeguard by explicitly requiring user confirmation before filing any tickets.