story-plan
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes content from User Story README files, architecture decision records (ADRs), and existing technical tasks to generate or update technical specifications. This creates a surface for indirect prompt injection where instructions hidden in the documentation could influence the agent.
- Ingestion points: Reads content from
docs/specs/user-stories/US-XXX-[nombre-corto]/README.md, existingTK-*.mdfiles, and reference files indocs/adr/ordocs/specs/technical-docs/. - Boundary markers: Absent. The instructions do not specify the use of delimiters or 'ignore' instructions for the data being processed from the repository files.
- Capability inventory: The skill has the capability to perform file system writes to create or modify technical tasks, work unit catalogs, and agent internal memory files.
- Sanitization: Absent. There is no explicit validation, escaping, or filtering of the text content extracted from the ingested files before it is processed or written back to the filesystem.
Audit Metadata