ln-523-auto-test-planner

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill maintains an indirect prompt injection surface because it ingests and parses untrusted text from external Linear comments (manual testing and research results) and local project files to generate task descriptions. This content is subsequently used to influence the behavior of downstream worker skills.
  • Ingestion points: Data enters the context via get_issue and list_comments tools for Linear, and via filesystem globbing for local storage modes.
  • Boundary markers: The workflow relies on regex patterns to find headers like 'Manual Testing Results' but does not implement strict delimiters to isolate external content from the model's instructions.
  • Capability inventory: The skill generates a complete task plan and delegates creation to ln-301-task-creator or ln-302-task-replanner.
  • Sanitization: Validation is present for data completeness and format versions, but there is no specific sanitization to prevent the model from obeying instructions embedded within the test results.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 05:26 PM