brave-breakdown

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to facilitate a structured conversation for task breakdown. It uses standard MCP tools to fetch Linear issues and reads local files only as directed by the user, which is consistent with its stated purpose.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data from Linear issues and local source code. While this represents a surface for indirect prompt injection if those sources contain malicious instructions, the risk is negligible as the skill has no destructive capabilities or network exfiltration paths.
      • Ingestion points: Data from Linear issues (via mcp__claude_ai_Linear__get_issue) and codebase context provided by the user (SKILL.md).
      • Boundary markers: Not explicitly used to wrap external content.
      • Capability inventory: Tool calling for Linear integration and local file system reading. No remote code execution or outbound network capabilities.
      • Sanitization: None detected in the instructions.
  • [COMMAND_EXECUTION]: The skill uses established MCP tools for Linear integration. These are predefined capabilities of the platform and do not constitute arbitrary or dangerous command execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 03:17 PM