Skills
skills/maxmurr/agents-skills/start-issue/Gen Agent Trust Hub

start-issue

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through data ingested from external Linear issues.
  • Ingestion points: The skill fetches issue details and branch names from the Linear API using the get_issue tool (SKILL.md).
  • Boundary markers: The contextual summary presented to the user lacks explicit delimiters or instructions to prevent the agent from obeying directives embedded within the ticket's acceptance criteria or user stories.
  • Capability inventory: The agent has the capability to execute shell commands (git checkout) based on values fetched from the external source.
  • Sanitization: There is no evidence that the skill validates or sanitizes the fetched Linear data before it is processed or displayed.
  • [COMMAND_EXECUTION]: The skill performs shell operations using unvalidated input from an external system.
  • The branchName retrieved from Linear is directly interpolated into git checkout and git checkout -b commands. If a malicious actor crafts a branch name containing shell command separators (e.g., ; rm -rf /), it could lead to command injection if the agent environment does not properly escape the arguments.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 06:36 AM