write-a-spec
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references an external setup URL for the Linear MCP server (https://mcp.linear.app/mcp). This targets a well-known service and the skill correctly delegates the execution to the user, ensuring no unauthorized automated installations occur.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from external sources (Linear issues). 1. Ingestion points: Linear issue bodies and comments read via searching or direct access. 2. Boundary markers: Absent; there are no instructions to the model to ignore embedded commands in the fetched ticket data. 3. Capability inventory: The skill can search, create, and update Linear issues, potentially allowing an attacker to influence ticket content if the model obeys instructions found in existing tickets. 4. Sanitization: No explicit sanitization or validation of the external content is performed before processing.
Audit Metadata