ln-222-story-replanner
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill parses existing story content to determine replanning operations, creating a vulnerability if the data contains malicious instructions.
  - Ingestion points: Full story descriptions are fetched via `get_issue` (Linear mode) or `Read` (file mode) during Phase 1 of the workflow.
  - Boundary markers: The workflow does not define specific delimiters or isolation techniques to ensure the agent treats fetched story content strictly as data rather than instructions.
  - Capability inventory: The skill possesses significant write capabilities, including `save_issue`, `create_issue`, `create_comment`, `Edit`, `Write`, and `mkdir`, which are executed in Phase 5 based on the comparison logic.
  - Sanitization: There is no evidence of sanitization or filtering of ingested story text to prevent embedded prompts from manipulating the operation categorization (KEEP/UPDATE/OBSOLETE/CREATE).
Audit Metadata