ln-512-manual-tester
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill workflow involves generating temporary bash scripts (scripts/tmp_[story_id].sh) at runtime and explicitly instructs the agent to perform 'chmod +x' to make them executable. This pattern of runtime code generation and permission elevation poses a security risk.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection. It ingests untrusted data from Linear Story 'Acceptance Criteria' (Phase 2) and interpolates it into script templates without visible sanitization. Ingestion points: Linear Story AC; Boundary markers: None; Capability inventory: curl, shell execution, file writing; Sanitization: Absent.
- EXTERNAL_DOWNLOADS (LOW): The skill loads the Mermaid.js library via a public CDN and references Puppeteer, which typically downloads and executes browser binaries during operation.
Audit Metadata