skills/jacehwang/harness/plan-ticket/Gen Agent Trust Hub

plan-ticket

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests untrusted content from Linear ticket fields and codebase files to generate its plan.
      1. Ingestion points: Linear API tools (get_issue, list_comments) and codebase reading tools (Read, Grep, Glob).
      2. Boundary markers: No explicit delimiters or guardrail instructions are used when interpolating external content into the agent's context.
      3. Capability inventory: The skill can modify external state by saving issues and creating comments on Linear.
      4. Sanitization: No input validation is performed on the data fetched from the ticket or the repository.
  • [COMMAND_EXECUTION]: The skill utilizes a set of read-only shell commands to gather repository context such as the root path, branch name, and file structure. These commands (git, ls) are used solely for environment discovery and do not involve privilege escalation or the execution of untrusted external scripts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 05:52 AM