ln-403-task-rework
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted reviewer feedback and comments from task management platforms (Linear) or local markdown files, which creates an architectural surface for indirect prompt injection.
  - Ingestion points: Linear issue comments and the review sections within task files as defined in the storage mode operations.
  - Boundary markers: No specific delimiters or safety warnings are implemented to separate feedback data from the skill's instructions.
  - Capability inventory: The agent uses tools to read and update task status (get_issue, save_issue) and has write access to project documentation and task files (SKILL.md).
  - Sanitization: No explicit sanitization or validation of the input feedback is performed before it is used to plan and implement code changes.