send-to-linear
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted external content without defined sanitization.
- Ingestion points: According to Phase 1 in SKILL.md, the skill ingests content from Slack conversations and Fireflies transcripts.
- Boundary markers: The instructions do not define delimiters around extracted content, nor any explicit 'ignore embedded instructions' warning to apply when processing it.
- Capability inventory: The skill possesses the capability to write to external services via the mcp__linear__create_issue tool as described in Phase 6.
- Sanitization: There are no explicit instructions for validating, escaping, or filtering the content retrieved from external sources before it is used to draft tickets.
- Mitigation: The design incorporates a critical safety check in Phase 5 (User Review), where the agent must 'STOP' and wait for explicit human approval before proceeding to the creation phase in Linear.
Audit Metadata