four-risks
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external project management tools and has the capability to write comments back to those platforms.
- Ingestion points: The skill fetches issue details and descriptions from Linear or GitHub issues as part of the 'What Happens' workflow.
- Boundary markers: There are no explicit delimiters or instructions provided to separate the untrusted external data from the agent's core processing logic.
- Capability inventory: The skill possesses the capability to add comments to issues via Linear and GitHub MCP integrations, allowing potential injection effects to persist in the source system.
- Sanitization: No sanitization, validation, or escaping of the fetched issue content is specified in the skill instructions.
Audit Metadata