symphony-setup
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the Symphony source code and related components from the author's GitHub repository (github.com/odysseus0/symphony) and via npx.
- [REMOTE_CODE_EXECUTION]: The build process involves compiling and executing the downloaded Symphony code using mix setup and mix build.
- [COMMAND_EXECUTION]: The skill uses system-level tools including git, mise, gh, and npx to configure the local environment and the user's repository.
- [PROMPT_INJECTION]: The skill establishes an autonomous agent framework that ingests untrusted data from Linear tickets, creating a surface for indirect prompt injection.
  - Ingestion points: Ticket titles, descriptions, and comments from Linear (referenced in SKILL.md and references/linear-graphql.md).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined in the setup configuration.
  - Capability inventory: Agents have capabilities for git operations (commit, push, pull) and run with a high-privilege sandbox using the danger-full-access flag (SKILL.md).
  - Sanitization: No sanitization or validation of the Linear ticket content is performed before processing by the Codex agents.