linear-cleanup-feature
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs several command-line operations, including executing the local scripts scripts/coordination_bridge.py and scripts/worktree.py. It also uses standard development tools such as git, gh, make, and pytest.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
  1. Ingestion points: Reads task descriptions from openspec/changes//tasks.md.
  2. Boundary markers: No delimiters or instructions to ignore embedded commands are present when reading the task data.
  3. Capability inventory: The skill has the capability to execute shell commands and create new proposals or issues.
  4. Sanitization: No sanitization is performed on the task descriptions before they are used to generate new artifacts, allowing maliciously crafted tasks to influence agent actions.
Audit Metadata