orbit-linear
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No instructions were found that attempt to bypass safety filters or override agent behavior.
- [DATA_EXFILTRATION]: The skill includes logic to generate links to Linear (a well-known service) using the vendor's own team identifier ('nexu'). No unauthorized data exfiltration patterns were detected.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The skill processes issue titles, descriptions, and status updates from the user's external Linear account.
  - Boundary markers: No explicit markers are defined to delimit external data within the generated HTML response.
  - Capability inventory: The skill is focused on rendering an HTML canvas and does not request access to sensitive tools, file system writes, or subprocess execution.
  - Sanitization: No specific sanitization or escaping instructions are provided for handling the external issue content before it is rendered.
- [REMOTE_CODE_EXECUTION]: No remote script downloads or dynamic execution patterns were identified. The HTML template includes standard client-side scripts for theme persistence and UI interaction.
Audit Metadata