Skills
skills/mgiovani/cc-arsenal/forge-story/Gen Agent Trust Hub

forge-story

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash, Grep, and Glob tools to navigate the project directory, identify existing documentation, and verify the structure of generated story files within the docs/stories/ directory.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by ingesting and processing content from external, user-controlled documents.
  • Ingestion points: docs/project-brief.md and docs/architecture.md are read and analyzed to generate tasks.
  • Boundary markers: Absent; there are no instructions provided to the agent to treat the content of these documents as untrusted or to ignore embedded instructions within them.
  • Capability inventory: The agent has access to Bash, Write, Edit, TaskCreate, and TaskUpdate tools, which could be misused if the source documents contain malicious instructions.
  • Sanitization: No explicit sanitization or validation of the input document content is performed before the information is used to drive the workflow.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 08:42 PM
Security Audit — agent-trust-hub — forge-story