ln-501-code-quality-checker
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill analyzes untrusted data from Linear tasks and source code, which could be used by an attacker to influence the agent's analytical verdict.
  - Ingestion points: The SKILL.md workflow (Steps 1, 2, and 3) loads Story descriptions and implementation task content from Linear, and reads the affected source code files.
  - Boundary markers: Absent; the instructions do not specify using delimiters or warnings to ignore embedded instructions within the code being analyzed.
  - Capability inventory: The skill has access to the Linear API (read/write comments), Git (diff extraction), and the local file system (read access).
  - Sanitization: Absent; no escaping or validation of external content is described in the workflow.
- External Downloads (SAFE): The documentation file diagram.html includes a reference to the Mermaid.js library via the jsDelivr CDN.
  - Evidence: <script src="https://cdn.jsdelivr.net/npm/mermaid@11/dist/mermaid.min.js"></script> in diagram.html.
  - Context: This is a standard practice for rendering workflow diagrams and does not pose a security risk in this context.
Audit Metadata