ln-520-test-planner
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The orchestrator processes data from external and potentially untrusted sources to drive a multi-phase workflow, introducing a risk of indirect prompt injection. Malicious instructions placed in project boards or task comments could attempt to subvert the logic of the orchestrator or the sub-agents it manages.
- Ingestion points: Data is ingested via the storyId resolution process (from arguments, git branch names, or the Kanban board), docs/tasks/kanban_board.md, and Linear comments.
- Boundary markers: Absent; the skill does not specify the use of delimiters or 'ignore' instructions to prevent the model from following commands embedded in the project data.
- Capability inventory: The orchestrator has the authority to invoke multiple sub-agents (ln-521, ln-522, ln-523) with various capabilities using the Task tool.
- Sanitization: Absent; untrusted inputs, such as the resolved storyId, are directly interpolated into prompt templates used to task sub-agents without validation or escaping.
Audit Metadata