next-actions
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes task data from the knowledge base database and local markdown files to populate command templates, creating a surface for indirect prompt injection.
  - Ingestion points: Results from mcp__knowledge-base__kb_list_stories and the plans/future/platform/WORK-ORDER-BY-BATCH.md file.
  - Boundary markers: The skill does not define delimiters or specific instructions for the agent to ignore potentially malicious instructions embedded within the task titles or descriptions.
  - Capability inventory: The skill identifies and recommends various commands for execution by the agent, including /dev-implement-story, /qa-verify-story, and /elab-story.
  - Sanitization: No explicit sanitization or validation of the story IDs or titles is mentioned before they are interpolated into the command strings.
- [COMMAND_EXECUTION]: The skill performs dynamic generation of agent commands by concatenating task-specific data into predefined templates.
  - Evidence: Maps story states to command templates like /dev-fix-story {FEATURE_DIR} {STORY_ID}, where parameters are derived from the knowledge base data and feature directory mapping logic.
Audit Metadata