plan-ticket
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Ingestion points: Untrusted data is fetched from Linear via the
mcp__plugin_linear_linear__get_issuetool. Boundary markers: There are no explicit delimiters or instructions for the agent to ignore potential commands embedded in the ticket title or body. Capability inventory: The agent can modify Linear tickets and execute filesystem/git commands. Sanitization: No sanitization is performed on the input data. An attacker with access to the Linear project could craft a ticket to manipulate the agent's behavior or repository analysis. - [COMMAND_EXECUTION]: The skill uses shell commands (e.g.,
git rev-parse,git ls-files,ls) to gather repository metadata. While these are restricted to specific git-related patterns in theallowed-toolspolicy, they still involve executing system-level commands. - [DATA_EXFILTRATION]: Implementation plans and codebase summaries are exported to Linear. While Linear is a well-known service, this results in technical metadata and source code details being moved from the local repository to a cloud-based platform. Users should ensure the codebase does not contain secrets that could be included in these summaries.
Audit Metadata