sred-work-summary
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from external platforms.
- Ingestion points: Step 4 and Step 6 involve reading titles and descriptions from GitHub Pull Requests, Notion documents, and Linear tickets.
- Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following instructions embedded within the fetched metadata.
- Capability inventory: The agent has the ability to execute shell commands (`find`), write to Notion documents via MCP, and search across multiple organizational tools.
- Sanitization: No sanitization or filtering of the external text content is performed before it is used for 'intelligence'-based grouping in Step 6.
Audit Metadata