project-flow-ops
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from external sources (GitHub issues, pull requests, and comments). This creates a surface for indirect prompt injection where an attacker could embed malicious instructions within a PR or issue to influence the agent's behavior.\n
- Ingestion points: Processes data from the public GitHub surface, including issue/PR state, author status, and review comments as described in 'Core Workflow' (Step 1) in SKILL.md.\n
- Boundary markers: There are no explicit delimiters or instructions to the agent to ignore embedded commands within the ingested data.\n
- Capability inventory: The skill enables the agent to classify and action work on GitHub (merge, close) and Linear (create, update) based on the ingested content.\n
- Sanitization: The instructions do not specify any validation or filtering of external content before processing.
Audit Metadata