ln-502-agent-reviewer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection. It fetches untrusted Story and Task descriptions from Linear via MCP and interpolates them into a prompt template without using boundary markers. An attacker could place malicious instructions in Linear to control the context provided to external LLM agents. Additionally, the use of the {identifier} variable from Linear in filenames without sanitization (Workflow Step 4) presents a directory traversal risk.
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes system commands via Bash to run the agent_runner.py script for health checks and parallel agent reviews (Workflow Steps 1 and 6). These commands rely on the integrity of the local environment and the prompt files generated from external data.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:35 AM