workbench-closeout-validator
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions define the use of local Node.js scripts (such as scripts/workbench-closeout-validator.mjs and scripts/workbench-closeout-audit-linear-adapter.mjs) to perform strict parsing and auditing of closeout metadata and events.
- [PROMPT_INJECTION]: The skill processes external, untrusted data including pull request comments and Linear webhook events, which represents an indirect prompt injection surface.
  - Ingestion points: Untrusted data enters the context via closeout.md (comments) and linear-closeout-event.json (webhook payloads).
  - Boundary markers: No specific delimiters or 'ignore' instructions are provided in the documentation for wrapping external inputs.
  - Capability inventory: The skill possesses the capability to execute shell commands via Node.js scripts.
  - Sanitization: The skill claims the use of a 'strict parser' and the emission of a 'sanitized follow-up payload' to mitigate risks from malformed or malicious inputs.
- [SAFE]: No evidence of data exfiltration, credential harvesting, obfuscation, or persistence mechanisms was detected. The skill's primary focus is on enforcing consistency and security within the project management lifecycle.
Audit Metadata