domain-storytelling
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it reads and processes YAML files from the
domain-stories/directory to generate project code. An attacker or malicious file could contain instructions that influence the AI to generate backdoors or insecure code patterns. - Ingestion points: Reads all YAML files within the
domain-stories/directory (SKILL.md, Phase A and Phase C). - Boundary markers: The instructions do not specify any delimiters or warnings to ignore embedded instructions within the processed YAML files.
- Capability inventory: The skill has significant project impact as it performs file-write operations to generate a domain layer, including entities, aggregates, and repository interfaces across the codebase.
- Sanitization: There is no explicit sanitization or validation logic mentioned to ensure the content of the domain stories does not contain executable instructions or malicious prompts.
Audit Metadata