ln-400-story-executor
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Orchestrates workflow phases by executing local Node.js runtime scripts and an agent runner to manage task lifecycles, worktree setup, and sub-agent invocation. These operations are restricted to authorized local scripts and are necessary for the skill's coordination function.
- [EXTERNAL_DOWNLOADS]: Synchronizes story and task metadata by integrating with well-known task management services, including GitHub and Linear. These interactions are conducted through official CLI tools or established provider-specific protocols.
- [PROMPT_INJECTION]: Ingests external task descriptions and acceptance criteria to generate prompts for a scenario validation agent. This represents an indirect prompt injection surface (Category 8) where untrusted project data influences sub-agent instructions. The risk is managed through a rigid state machine and structured execution phases that maintain clear boundaries for task execution.
Audit Metadata