product-implement
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves issue titles and bodies from external sources (Linear API and GitHub CLI) and interpolates this untrusted data directly into prompts for sub-agents using the
assets/implementer-template.mdtemplate. - Ingestion points: Phase 1 uses
linear apiandgh issue listto fetch issue content (SKILL.md). - Boundary markers: The
assets/implementer-template.mdlacks explicit boundary markers or instructions to the sub-agent to ignore instructions embedded within the issue body. - Capability inventory: The skill executes local scripts via
go run(Phase 0, 0.5, 1, 2, 3, 5), performs git operations (git worktree add,git commit), and dispatches sub-agents (Phase 2). - Sanitization: No evidence of sanitization or validation of the retrieved issue content before it is used to drive automated workflows.
- [COMMAND_EXECUTION]: The skill frequently executes local Go scripts using the pattern
go run ../../scripts/cmd/<name>. These scripts are used for critical operations including state assessment, event emission, contract creation, and data persistence. While the scripts are local to the project, their execution is driven by parameters derived from external issue data.
Audit Metadata