submit-pr
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data from Linear issues (title, description, and acceptance criteria) via the 'get_issue' tool. This data is used to populate pull request titles and bodies. This creates an indirect prompt injection surface where malicious content in a Linear issue could influence the agent's actions during the PR creation process.
- Ingestion points: The Linear issue data fetched via 'get_issue(id)' in step 1 of SKILL.md.
- Boundary markers: No explicit delimiters or safety instructions are provided to the agent to treat issue content as data rather than instructions.
- Capability inventory: The skill can execute shell commands ('git push', 'gh pr create'), run project tests, and post comments back to Linear.
- Sanitization: The skill does not specify any sanitization or validation of the fetched issue content before using it in commands or PR templates.
- [COMMAND_EXECUTION]: The skill performs shell command execution including 'git push', 'gh pr create', and execution of the project's test suite (e.g., via 'npm test' or 'make'). These capabilities are standard for development-oriented skills but define the impact scope of potential prompt injection attacks.
Audit Metadata