ln-310-multi-agent-validator
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local script
shared/agents/agent_runner.pyin Phase 2 to perform environment health checks and launch background processing tasks. These executions use thepythoncommand to run vendor-provided scripts within the local repository structure.\n- [PROMPT_INJECTION]: The skill processes Story and Task content (untrusted input) which is interpolated into prompts for external agents. This creates a surface for indirect prompt injection attacks.\n - Ingestion points: Story and Task metadata and descriptions are retrieved from the Linear API or read from local markdown files in Phase 1.\n
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are described in the prompt construction logic in Phase 2.\n
- Capability inventory: The skill can modify local markdown files, update issue states via the Linear API (
save_issue), and execute shell commands through Python scripts.\n - Sanitization: The skill does not describe specific sanitization or validation logic for the external content before it is used to build prompts for the background agents.
Audit Metadata