context-engineering
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its data ingestion patterns and available tool capabilities.
- Ingestion points: The skill pulls untrusted data from external sources using Linear MCP tools such as
get_issueandlist_issues(defined in Path 2 ofSKILL.md). - Boundary markers: There are no explicit boundary markers or instructions provided to the agent to disregard instructions embedded within the fetched Linear data.
- Capability inventory: The skill has write access to the external platform, allowing it to execute
create_commentandcreate_issueactions based on the processed (and potentially malicious) input. - Sanitization: The skill does not define any sanitization, validation, or escaping protocols for the external content before it is interpolated into the agent's context.
Audit Metadata