story-implement

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE (finding tag: PROMPT_INJECTION)
Full Analysis
  • [SAFE]: The skill employs a defensive workflow that prevents autonomous execution of multiple tasks, requiring the agent to pause and wait for user confirmation before starting the implementation and after completing each atomic unit of work.
  • [SAFE]: It includes mandatory environment validations, such as verifying a clean Git working tree and ensuring operations occur within designated feature branches, which reduces the risk of accidental repository corruption.
  • [PROMPT_INJECTION]: The skill reads implementation details from markdown files (README.md and TK-*.md) within the project's user-story directory. This creates a surface for indirect prompt injection, where malicious instructions embedded in documentation could hijack the implementation process.
      • Ingestion points: Documentation files are read from docs/product/user-stories/ and parsed by the agent to guide code changes.
      • Boundary markers: The skill instructions do not specify the use of delimiters or explicit 'ignore embedded instructions' warnings when the agent processes these external files.
      • Capability inventory: The skill allows local filesystem modification, Git command execution, and running local lint/build scripts.
      • Sanitization: The risk is mitigated by the 'queue presentation' step, where the agent must list the intended work for user approval, and by the subsequent per-task confirmation requirement.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 05:50 PM
Security Audit — agent-trust-hub — story-implement